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Executive Summary 

Purpose 

This edition of the President’s National Security 
Telecommunications Advisory Committee (NSTAC) Issue Review 
provides a comprehensive report of issues addressed 
by the NSTAC from its first meeting in December 
1982 to its most recent meeting on May 1, 2008. 

For each active and previous issue addressed by the 
NSTAC, the Issue Review provides the foiiowing 
information when appiicabie: names of the 
investigating groups, iength of time required for the 
investigation, issue background, a synopsis of actions 
and recommendations, measures resuiting from 
NSTAC recommendations, reports issued, and 
members of the current/active investigating groups. 

Since May 1, 2008, foiiowing the compietion of the 
NSTAC 2007-2008 cycie, the Nationai Communications 
System (NCS), has worked with the NSTAC, the 
Department of Fiomeiand Security, and the Executive 
Office of the President to forward NSTAC 
recommendations to the President and to Federai 
Government departments and agencies for potentiai 
adoption. As each of these recommendations move 
forward, the NSTAC issue Review wiii annuaiiy update 
the status of each recommendation to provide industry, 
Government, and the pubiic updated information on 
issues important to nationai security and emergency 
preparedness (NS/EP) communications. 

Background 

On September 13, 1982, President Ronaid Reagan 
issued Executive Order (E.O.) 12382, estabiishing 
the President’s NSTAC. The NSTAC, a presidentiaiiy- 
appointed advisory body comprised of up to 
30 senior executive ievei representatives from the 
communications, hardware, software and security 
services, banking, and aerospace companies provides 
the President with a unique source of NS/EP 
communications poiicy expertise. Severai factors 
infiuenced the estabiishment of the NSTAC at that 
time, inciudingthe divestiture of AT&T, increased 
Government reiiance on commerciai communications, 
and the potentiai impact of new technoiogies on 
communications supporting NS/EP requirements. 
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Appendix A of this document inciudes E.O. 12382, as 
weii as additionai NSTAC impiementing and governing 
documentation. Appendix B provides a iisting of 
current NSTAC members as of May 1, 2008. 

Since its inception, the NSTAC has advised seven 
administrations on issues pertaining to the reiiabiiity 
and security of communications technoiogies and their 
impact on the Nation's abiiity to protect its criticai 
infrastructures—issues vitai to America’s security 
and economic interests. Today, members of the 
communications and information technoiogy industries, 
as weii as the Federai Government, recognize the 
NSTAC as a modei for industry/Government 
coiiaboration. NSTAC accompiishments inciude 
many substantive recommendations to the President 
ieading to enhancements of the Nation’s NS/EP 
communications capabiiities, criticai infrastructure 
poiicies, and increased safeguards to the Nation’s 
communications infrastructure. 

During the past 25 years, the NSTAC has worked 
cooperativeiy with the NCS, an interagency consortium 
of Federai departments and agencies that serves as 
the focai point for NS/EP communications pianning for 
any crisis or disaster and provides staff support and 
technicai assistance to the committee. By virtue of its 
mandate to address NS/EP communications issues, 
the NSTAC’s partnership with the NCS is unique in 
two ways: (1) it faciiitates industry invoivement with 
both the defense and civii agencies comprising the 
NCS; and (2) it reguiariy sustains interaction between 
industry and the NCS member departments and 
agencies through the Nationai Coordinating Center 
(NCC); the Communications information Sharing 
and Anaiysis Center (iSAC); the Network Security 
information Exchange (NSiE) process; and most 
recentiy through the Communications Sector 
Coordinating Councii, which serves as a point of 
contact for its counterpart the Government 
Coordinating Councii. The NSTAC’s perspective 
and its experiences with a wide range of Federai 
departments and agencies make the committee a key 
strategic resource for the President and his nationai 
security and homeiand security teams in their efforts 
to protect our Nation’s criticai infrastructures in today’s 
dynamic and evoiving environment. 
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Membership on the NSTAC’s primary working 
body—the Industry Executive Subcommittee (lES)— 
consists of one representative from each company, 
appointed by his or her NSTAC Principal. The lES 
holds regular meetings to consider issues, analyses, 
and/or recommendations for presentation to the 
NSTAC Principals (and in turn to the President), and 
assists in the formation of task forces and working 
groups as directed by the committee to address 
specific issues requiring in-depth analyses. 

From May 2007 to May 2008, the NSTAC operated the 
following subordinate task forces and working groups: 

► The National Coordinating Center Task Force remained 
active and as a follow-on to the NSTAC Report to 
the President on the National Coordinating Center, 
in partnership with the Office of Cybersecurity and 
Communications, established a “tiger team” to 
examine the consolidation of the NCC, the United 
States Computer Emergency Readiness Team, and 
the Information Technology-ISAC. 

► The Emergency Communications and Interoperahility 
Task Force initiated an examination of how 
communications technologies should be 
integrated into the Federal Government’s 
emergency communications planning to support 
NS/EP activities and to recommend a future 
direction to ensure survivable and interoperable 
communications architecture for responders. 

► The International Task Force examined the current 
international NS/EP communications environment 
to evaluate present U.S. operational strategies, 
policies, and frameworks for international 
collaboration and prepare recommendations to the 
President to promote U.S. NS/EP interests in 
emerging international network security efforts. 

► The Glohal Infrastructure Resiliency Task Force (GIRTF) 

continued to develop operational recommendations 
to improve the overall resiliency of the global 
communications infrastructure by reviewing relevant 
operations and practices associated with network 
operational centers, examining risks inherent in such 
operations, and outlining the steps that service 


providers have taken to manage those risks. In 
addition, the GIRTF completed the NSTAC Report 
on Network Operations Centers and continues to 
investigate the issue of risk to Internet protocol 
NS/EP communications traffic during times of 
network congestion. 

► The Glohal Positioning System Working Group 

initiated the examination of the commercial 
communications reliance on Global Positioning 
System (GPS) and the possible impacts that a 
long term loss or disruption of GPS could have on 
the commercial communications industry. 

► The Network Security Scoping Group (NSSG) conducted 
two primary analytical exercises as part of its initial 
analysis to scope future NSTAC work in the area of 
network security, including: (1) a study of current 
and previous NSTAC, Federal Government, and 
standards-making bodies’ activities in the area 
network security; and (2) a comprehensive listing of 
network security issues of concern to the NSTAC in 
the form of a Terms of Reference document. As a 
result of this analysis work, the NSSG identified and 
described the issues of immediate concern in three 
scoping documents. 

► The Legislative and Regulatory Task Force continued 
to review and analyze legislative and regulatory 
activities affecting the NS/EP community. In 
addition, the group examined the distributed 
denial-of-service cyber attacks against the 
Republic of Estonia, as well as analyzed the Office 
of the Director of National Intelligence’s Annual 
Threat Assessment, which described the potential 
for cyber attacks against U.S. networks and the 
Nation’s information infrastructure. 

► The Research and Development Task Force (RDTF) 

focused on analyzing identity management (IdM) 
to determine the impact on NS/EP 
communications and performed a gap analysis 
that determined that the best role for the NSTAC 
is to continue to monitor and examine the 
development of IdM standards in the international 
community. In addition, the RDTF has begun 
preparations for the 2008 Research and 
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Development Exchange Workshop to be held at 
the Motorola, Inc. facilities in Schaumburg, Illinois 
on September 25-26, 2008. 

Many NSTAC recommendations result in operational 
activities that enhance NS/EP communications and 
information systems. Eor example, in its first set of 
recommendafions to the President, the NSTAC 
suggested the establishment of the NCC, an industry 
and Government coordination center for day-to-day 
operational support to NS/EP communications. In 
addition, the NSTAC assisted the Office of fhe Manager, 
NCS, in developing and eventually implementing the 
Telecommunications Service Priority System—one 
of the NCS’ most utilized priority service programs. 
Eurthermore, an NSTAC recommendation also resulted 
in the establishment of separate NSTAC and 
Government NSIEs, which meet regularly to address 
the threat of elecfronic infrusions and soffware 
vulnerabilifies, as well as to discuss mitigation strategies 
to protect the Nation’s critical communications and 
information systems. Einally, the NSTAC recommended 
the development of an access and credenfialing 
program to assist private sector companies gain access 
to Eederal disaster sites following an event of national 
significance. In response to this recommendation, the 
Department of Homeland Security developed, in 
partnership with Federal, State, and local Government 
entities, as well as a private sector company, an access 
standard operating procedure (SOP) to ensure that 
private critical infrastructure responders receive priority 
access to disaster areas. The access SOP has been 
adopted by the State of Georgia and has been 
distributed to a broader community, including the 
Homeland Security Advisors and the National 
Association of Regulatory Commissioners. 

Appendix 0 of this document contains the 
2008 NSTAC Executive Report to the President, which includes 
summaries of the May 2008 NSTAC open and closed 
sessions, as well as recommendations made to the 
President during the 2007-2008 NSTAC Cycle 
(May 2007-May 2008). 


Copies of NSTAC reports pertaining to the issues 
addressed in this document are available through: 

National Communications System 
Department of Homeland Security 
245 Murray Lane 
Mailstop 8510 
Washington, DC 20528 

www.ncs.gov/nstac/nstac.html 

nstacl@dhs.gov 
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National Coordinating Center 

Investigation Group / Period of Activity 

National Coordinating Mechanism Task Force 

December 1982 - November 1984 

Telecommunications System Survivability Task Force 

March 1986-June 1989 

National Coordinating Center for Telecommunications 
Vision Task Force 

October 1996 - April 1997 

Operations Support Group 

April 1997 - September 1999 

Information Sharing/Critical Infrastructure 
Protection Task Force 

September 1999 - May 2000 

National Coordinating Center Task Force 

December 2004 - July 2007 

Issue Background 

Following the divestiture of the AT&T monopoly in 1982, 
the telecommunications industry and the Federal 
Government collectively developed the concept of a 
national coordinating mechanism (NCM) by which the 
public and private sectors could coordinate national 
security and emergency preparedness (NS/EP) 
telecommunications efforts. A year later, the President's 
National Security Telecommunications Advisory 
Committee (NSTAC) recommended the creation of the 
National Coordinating Center (NCC) as the operational 
arm for the NCM. Consequently, in 1984, President 
Ronald Reagan called for the establishment of the NCC 
within the National Communications System (NCS) via 
Executive Order 12472, Assignment of National Security and 
Emergency Preparedness Telecommunications Function. 

Since that time, threats to the NS/EP 
telecommunications infrastructure have changed 
significantly, heightening the importance of daily 
coordination between industry and Government. In 
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May 1998, President Bill Clinton released Presidential 
Decision Directive (PDD) 63, Protecting America’s Critical 
Infrastmctures, a critical infrastructure protection (CIP) 
directive calling for, among other things, industry 
participation in the Government’s efforts to ensure the 
security of the Nation’s infrastructures. After studying 
the directive, the NSTAC recommended the NCC be 
designated the Telecommunications Information 
Sharing and Analysis Center (ISAC) as the NCC had 
already been performing similar functions in 
preparation for the Year 2000 rollover efforts. 

The NCC played a key role in maintaining and 
reestablishing NS/EP communications during and 
after the terrorist attacks of September 11, 2001. In 
March 2003, the NCC became part of the Department 
of Flomeland Security (DFIS) as a result of the 
transfer of the NCS from the Department of Defense 
(DOD). Flomeland Security Presidential Directive 7, 
Critical Infrastmcture Identification, Prioritization, and Protection, 
issued in December 2003, succeeded PDD-63 
and established a new national policy for Federal 
departments and agencies to identify and prioritize 
U.S. critical infrastructure and key resources and to 
protect them from terrorist attacks. As DFIS continues 
to grow and evolve, the NCC must also periodically 
reconsider its structure, organization, and approach to 
keep pace with rapid legal and regulatory changes. 

Currently, the NCC finds itself with three 
distinct missions: 

► Serving the White Flouse and NCS Member 
Agencies through its NS/EP mission; 

► Serving DFIS through its CIP mission; and 

► Fulfilling information sharing requirements through 
its information sharing and analysis function. 

History of NSTAC Actions and Recommendations 

The NSTAC emphasizes the importance of 
industry/Government coordination on NS/EP 
telecommunications—a role NSTAC accepted 
25 years ago. In its first report to the President in 
May 1983, the NSTAC recommended the 
development of the NCC—the operational arm for the 
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NCM approved by Government a year earlier to assist 
industry and Government in coordinating NS/EP 
telecommunications services in times of emergency. 

In 1984, the NSTAC followed this first report with its 
National Coordinating Mechanism Implementation Plan to assist 
the Government in determining how best to execute 
the coordinating mechanism. 

Since that time, the NSTAC has periodically revisited 
the NCC both conceptually and operationally to 
evaluate its mission, information sharing procedures, 
and overall effectiveness as changes occurred in the 
threat, policy, and technological environments facing 
the telecommunications industry. For instance, in 
1987, the committee’s Telecommunications Systems 
Survivability Task Force reviewed Government actions 
taken on the NCM recommendations and determined 
that the recommendations were carried out effectively. 
Furthermore, the task force determined that NCS 
member organizations’ representation in the NCC 
should continue. In the NCC Intrusion Incident Reporting 
Cnteria and Format Guidelines, the NCC Vision Task Force 
established standardized reporting criteria and outlined 
steps to improve NCC electronic intrusion report 
collection, processing, and distribution. 

In 1997, the Operations Support Group (OSG) worked 
closely with the NCS member organizations and NCC 
industry representatives to develop a common 
framework for assessing the center’s ongoing role in 
NS/EP telecommunications. In its OSG Report, the 
NSTAC recommended that the President establish a 
mechanism within the Federal Government with which 
the NCC could coordinate on intrusion incident 
information issues, and with which NSTAC groups could 
coordinate the development of standardized reporting 
criteria. In 1999, the Information Sharing/CIP Task 
Force investigated potential recommendations to be 
made in support of the goals outlined in PDD-63. As a 
result, the NSTAC issued numerous recommendations 
to the President including the development of 
mechanisms and processes for conducting protected, 
operational information sharing; the designation of the 
NCC as the Telecommunications ISAC; the necessary 
continued interaction with Government leaders 
responsible for PDD-63 implementation; and the 
expansion of participation in the Telecommunication 


ISAC during subsequent phases to include a broader 
spectrum of information technology (IT) and 
communications industry companies. As a result, the 
Federal Government officially established the NCC as 
the Telecommunications ISAC in January 2000. 

Following the October 21, 2004, NSTAC Principals’ 
Conference Call, the committee established the 
National Coordinating Center Task Force (NCCTF) to 
examine how best to balance both traditional network 
and cyber concerns and the changing national security 
environment to include homeland security concerns 
within the NCC moving forward. Specifically, the 
principals requested that the task force examine the 
future mission and role of the NCC, including: 

► How should the industry members of the 
NCC continue to partner with Government? 

► How should the NCC be structured relative 
to the dual missions of CIP and NS/EP? 

► How does the new DHS Sector Coordinating 
Council (SCO approach affect the NCC? 

Throughout 2005 and early 2006, the NCCTF 
deliberated on numerous issues, focusing its 
discussions on the NCC’s organizational structure, 
information sharing and analysis, leadership, incident 
management and response, and international mutual 
aid. To gain additional insight into incident management 
and information sharing practices in particular, the task 
force co-hosted an all-day incident management 
subject matter expert meeting with the Next Generation 
Network Task Force on August 30, 2005. The task 
force also internalized lessons learned from Hurricane 
Katrina response and recovery efforts including those 
derived from the White House on improved industry 
and Government coordination in the drafting of The 
Federal Response to Hurricane Katrina-. Lessons Learned Report. 

Of particular interest and concern to the task force 
following Hurricane Katrina were questions related to 
the role of the NCC and the NCS in NS/EP 
telecommunications planning and incident response 
as entities within the new DHS and command and 
control issues associated with Emergency Support 
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Function (ESF) 2—Communications support 
agencies. The task force determined that better 
delineation of roies and responsibilities, especially 
with regard to data reporting and the prioritization 
and escalation of requests, would improve incident 
response and establish clearer points of contact to 
address issues, reduce duplication of effort, and 
improve focus on fulfilling missions. 

Based on the NCCTF’s analysis of issues facing the 
NCC, the NSTAC recommended that the President: 

► Direct the Secretary of Flomeland Security, the 
Director of the Office of Science and Technology 
Policy (OSTP), the Secretary of Defense, and other 
ESF-2 Eederal support agencies to develop and 
implement policies and procedures with respect to: 
(1) managing and escalating requests from the 
NCC, and (2) the delineation of authorities and 
responsibilities when the government invokes ESF-2. 

► Direct the OSTP and the Flomeland Security Council 
to join with the Communications SCC and the 
IT-SCC to support an industry-led task force with the 
primary goal of planning a regional communications 
and IT coordinating capability in the Gulf Coast and 
Southeastern regions prior to the 2006 hurricane 
season. Subsequently, the task force will determine 
the best approach for a long-term regional 
communications and IT coordinating capability that 
can serve all regions of the Nation. The task force 
should primarily be made up of industry 
representatives, as well as Federal, State, and local 
Government representatives. 

► Direct the Secretary of Flomeland Security to 
expand the NCC to include both communications 
and IT companies and organizations. The NCC 
would be a cross sector industry/Government 
facility with a round-the-clock watch, which would 
be brought up to full strength during emergencies. 

► Direct the Secretary of Flomeland Security to engage 
the private sector in CIP activities by increasing the 
flow of threat information to the private sector. 
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facilitating private sector participation in impact 
analyses, and clarifying policies for the protection of 
private sector information. 

► Direct the Secretary of Flomeland Security to 
improve the ESF-2 emergency response training 
and exercise program, with a focus on enhancing 
coordination among industry members and 
Federal, State, and local responders during 
incidents of national significance. This program 
should focus on sector interdependencies for both 
physical and cyber threats, and would aim to 
produce actionable results. Industry involvement 
must occur from the earliest planning stages. 

► Encourage the Secretary of Flomeland Security to 
improve the Federal Government’s cyber response 
strategy to delineate roles and responsibilities of 
Government and the private sector in the National 
Response Plan (NRP) [now the National Response 
Framework (NRF)], aligning communications 

and cyber operations centers, and enhancing 
relationships with international computer 
emergency readiness teams. 

► Direct the Secretary of Flomeland Security and 
other Government stakeholders to examine the 
value derived from the NCC collaboration and, if 
sufficiently supported, commit the resources 
necessary to strengthen and support the 
organization and its mission. 

To further these recommendations, the NCCTF 
developed an action item roadmap to assist the NCC 
in its efforts to address new issues and challenges 
over the next five years. 

In 2007, the NCCTF reviewed the recommendations 
from its 2006 report and developed a status report to 
provide an update on the implementation of the NCC 
Roadmap for the Future. Based on the NCCTF’s 
analysis of the progress-to-date against the NCC 
Roadmap for the Future, the task force provides the 
following observations to DFIS on next steps: 


5 


ACTIVE ISSUES ◄ 2007-2008 NSTAC Issue Review The President’s National Security Telecommunications Advisory Committee 


► Continued success of the NCS process can be 
assured by updating the memoranda of agreement 
between the NCS member departments and 
agencies and providing expert detailees to the 
NCS and NCC. 

► The NCS should formalize its relationships with 
DOD, including watch tunctions, by entering into 
memoranda of understanding and/or developing 
joint standard operating procedures for enhanced 
coordination in the future, including routine testing 
and the exercising of capabilities. 

► Annual updates on the status ot the NCC 
Roadmap to the NSTAC by the NCS Manager 
should ensure the NSTAC Principals remain 
engaged in the important partnership. 

► A new membership structure reflecting the diversity 
of the expanding NCC membership implemented by 
the NCC Manager should enhance the level of trust 
amongst the membership. 

► As the NCC Manager carefully monitors the level 
of information sharing in the NCC, it will ensure 
the organization remains a trusted environment. 

► As the NCC evolves, industry and Government 
members should continually assess the NCC and 
its NS/EP mission while continuing to provide 
value to all partners involved. 

Actions Resulting from NSTAC Recommendations 

The NCS initiated numerous etforts to address the 
recommendations in the NSTAC Report to the President on 
the National Coordinating Center. Most significantly, the 
DHS Office of Cybersecurity and Communications 
established a “tiger team” to examine the consolidation 
of the NCC, the United States Computer Emergency 
Readiness Team, and the IT-ISAC, as the NSTAC 
recommended. In addition, DHS addressed several of 
the NSTAC's recommendations through the 
development of the NRE, which replaced the NRP, and 
the ESF-2 Annex. In particular, the NRE and ESF-2 
Annex clarify the roles and responsibilities of the 
coordinating agency, primary agencies, and support 
agencies. The revised ESF-2 Annex also designates the 


Federal Emergency Communications Coordinator 
(FFCC) to lead ESF-2 efforts when activated. The NCS 
is turther revising the ESF-2 Operations Plan and job 
aids, and providing input into the joint field office 
standard operating procedure to provide additional 
clarity on FECC leadership of ESF-2. In addition, the 
NCC is working to increase the involvement ot Its 
Industry members in training and exercise opportunities, 
such as the annual ESF-2 training and large scale 
exercises (including. Cyber Storm II, Top Officials 
(TOPOFF) IV, and the National Level Exercise (NLE) 
02-08). The 2007 ESF-2 Spring Training Conference in 
New Orleans, Louisiana, received extensive support 
from companies within the Telecommunications ISAC. 
Industry representatives participated as liaisons, 
instructors, and demonstration hosts. Industry 
representatives also assisted NCS exercise planners to 
develop the exercise injects that defined ESF-2 
involvement in TOPOFF IV, Cyber Storm II, and the 
NLE 02-08. During Spring 2008, the NCS focused its 
training efforts on developing a certification program tor 
FECCs who will lead ESF-2 response during an incident. 

For more information regarding the NCC’s development, 
please see the National Coordinating Mechanism, 
Information Sharing/Critical Infrastructure Protection, 
and the Industry/Government Information Sharing and 
Response sections in the Previously Addressed Issues 
section of this NSTAC Issue Review. 

Reports Issued 

National Coordinating Mechanism Report, May 1983. 

National Coordinating Mechanism Implementation Plan 
(Final Report), January 1984. 

Telecommunications Systems Survivability Review of Government 
Actions in Response to NSTAC-Recommended Initiatives, June 1988. 

Operations Support Group Report, December 1997. 

Information Assurance Policy Subgroup of the Information 
Infrastructure Group and the National Coordinating Mechanism 
Subgroup of the Operations Support Group Joint Report: 
Information Assurance, December 1997. 
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Operations Support Group Report, September 1998. 

Operations Support Group Report, June 1999. 

Information Sharing/Critical Infrastructure Protection 
Report, May 2000. 

RSTAG Report to the President on the National 
Coordinating Center, May 2006. 

National Coordinating Center Status Report on the National 
Coordinating Center Roadmap for the Future, June 2007. 

National Coordinating Center Task Force Membership 

Verizon Communications 

Mr. James Bean, Chair 

Sprint Nextel Corporation 

Mr. John Stogoski, Vice Chair 

AT&T, Incorporated 

Mr. Harry Underhill 

BellSouth Corporation 

Ms. Cristin Flynn Goodwin (Currently with Microsoft Corporation) 

The Boeing Company 

Mr. Robert Steele 

Computer Sciences Corporation 

Mr. Guy Copeland 

CTIA - The Wireless Association 

Mr. Christopher Guttman-McCabe 

Juniper Networks 

Mr. Robert Dix 

Lockheed Martin Corporation 

Dr. Allen Dayton 

Alcatel-Lucent Bell Labs 

Mr. Richard Krock 
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Microsoft Corporation 

Mr. Paul Nicholas 
Mr. Philip Reitinger 

Nortel 

Dr. John Edwards 

Qwest Communications International, Incorporated 

Mr. Thomas Snee 

Raytheon Company 

Mr. Frank Newell 

Science Applications International Corporation 

Mr. Henry Kluepfel 

Telcordia Technologies 

Ms. Louise Tucker 

United States Telecom Association (USTelecom) 

Mr. David Kanupke 

VeriSign, Incorporated 

Mr. Michael Aisenberg 

Other National Coordinating Center Task Force 
Industry Participants 

AT&T, Incorporated 

Mr. Kent Bowen 
Mr. James Bugel 
Mr. Thomas Hughes 
Ms. Rosemary Leffler 

George Washington University 

Dr. Jack Oslund 

Sprint Nextel Corporation 

Mr. Lee Fitzsimmons 

Telecommunications Industry Association 

Mr. Daniel Bart 
Mr. David Thompson 

Qwest Communications International, Incorporated 

Mr. Jon Lofstedt 
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Verizon Communications, Incorporated 

Ms. Ernestine Gormsen 
Mr. Roger Higgins 

National Coordinating Center Task Force 
Government Participants 

Defense Information Systems Agency 

Mr. Richard Bourdon 
Ms. Hillary Morgan 

Department of Energy 

Mr. John Greenhill 

Department of Homeland Security 

Mr. Brian Carney 
Mr. Jeffrey Click 
Mr. Charles Lancaster 
Mr. Michael Lombard 
Mr. Donald Smith 
Ms. Christina Watson 

Federal Reserve Board 

Mr. Charles Madine 

Joint Staff/J6 

MAJ Susan Camoroda (now Lieutenant Colonel) 

General Services Administration 

Mr. John Migliaccio 
Mr. Thomas Sellers 

Dffice of Management and Budget 

Ms. Kimberly Johnson 

Dffice of Science and Technology Policy 
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Emergency Communications 
and Interoperability 

Investigation Group / Period of Activity 

Emergency Communications and Interoperability 
Task Force 

January 2006 - September 2007 

Issue Background 

Over the course of three months in the summer/fall of 
2005, Hurricanes Katrina, Rita, and Wiima battered 
the U.S. Gulf Coasf region, destroying homes and 
communities, as weii as entire portions of the 
telecommunications infrastructure. The destruction 
posed unprecedented communications challenges 
and revealed a lack of sufficient operabiiity and 
interoperability among the multiple public and private 
response and recovery organizations supporting 
emergency communications situations. Hurricane 
Katrina alone impacted an area approximately 90,000 
square miles wide, disrupted service to approximately 
3 million phone lines, and disabled first responder 
communications in multiple parishes. Restoration 
efforts were severely hindered by the lack of access 
prioritization to commercial networks for first 
responders. These powerful lessons magnified the 
importance of Government vigilance in leveraging a full 
suite of communications capabilities to protect and 
ensure national security and emergency preparedness 
(NS/EP) telecommunications in the future. 

History of NSTAC Actions and Recommendations 

In response to concerns regarding the sufficient 
operability and interoperability of emergency 
communications systems during the 2005 hurricane 
season, the President’s National Security 
Telecommunications Advisory Committee (NSTAC) 
established the Emergency Communications and 
Interoperability Task Eorce (ECITE) to develop 
recommendations regarding short-term interoperability 
solutions for responders in advance of the 2006 
hurricane season. In addition, the committee 
requested that the task force investigate how a 
complete suite of communications technologies, 
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including wireline, terrestrial wireless, broadcast, and 
satellite communications, should be integrated into 
the Federal Government’s emergency communications 
planning, and how they can more effectively support 
NS/EP activities; and to identify rapidly deployable 
interoperability solutions and recommend a strategic 
direction for the future that can assure a more 
survivable and interoperable nationwide 
communications architecture for responders. 

Based on the EClTF’s initial analysis in March 2006, 
the NSTAC provided short-term recommendations 
in a Letter to the President on Emergency Communications and 
Interoperability, outlining emergency communications 
and interoperability issues and identifying 
immediately applicable actions to improve responder 
communications capabilities. Specifically, the NSTAC 
recommended that the President direct the 
Department of Homeland Security (DHS) to: 

► Establish a uniform protocol working with Federal, 
State, and local governments that can dynamically 
identify their emergency management 
coordinators’ contact information, especially 
during times when regular contact information 
changes due to event situations, and a capability 
to share that information with DHS. 

► Accelerate efforts to create an initial deployable 
communications capability for the Gulf Coast 
region in accordance with Recommendation 37 
of the February 2006 report. The Federal Response to 
Hurricane Katrina: Lessons Learned. 

► Formally integrate the National Communications 
Systems’ (NCS) NS/EP priority programs into 
the National Emergency Communications Strategy (NECS) 
pursuant to Recommendation 34 of the Lessons 
Learned Report. 

The ECITE continued to refine and expand on the 
letter’s recommendations and published the NSTAC 
Report to the President on Emergency Communications and 
Interoperability In January 2007. In the report, the 
NSTAC recommended that the President, in 
accordance with responsibilities and existing 
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mechanisms established by Executive Order 12472, 

Assignment of National Security and Emergency Preparedness 

Telecommunications Functions: 

► Expand use of Deployable Communications 
Capabilities. Direct DHS to incorporate into its 
emergency communications plans and programs 
rapidly deployable, interoperable, mobile 
communications soiutions that wili provide reliable 
communications to emergency responders in the 
event of a regional catastrophic failure involving 
complete or significant loss of communications 
infrastructure. The President should also direct 
DHS to expand and enhance the use of the 
Wireless Priority Service (WPS) program in an 
area(s) of catastrophic critical infrastructure loss 
and/or damage through multi-carrier WPS 
end-to-end solutions that facilitate the rapid 
restoration of essential wireless network elements. 

► Enbance tbe Telecommunications Service Priority 
(TSP) Program for Wireless Networks. Direct DHS 
and other responsible Federal agencies to explore 
enhancements to the TSP program to 
accommodate expanded requests from NS/EP 
users of wireless telecommunications services at 
critical sites. The President should also direct 
Federal agencies and encourage State and local 
agencies to fully utilize the existing provisions of 
TSP and to apply for the enhanced wireless TSP 
coverage provisions as they are developed for use 
at their critical sites. 

► Establish a Uniform Protocol to Identify Emergency 
Management and Coordinators’ Contact Information. 

Direct DHS, with support from the NCS and the 
National Coordinating Center, to establish 
a uniform protocol working with Federal, State, 
and local government organizations that can 
dynamically identify their emergency management 
and coordinators' contact information, especially 
during times when regular contact information 
changes due to event situations, and a capability 
to share that information with DHS. 


► Improve NS/EP Policy to Support Emergency 
Communications. Modernize existing NS/EP policy 
guidance to clarify and consolidate Federal 
Government emergency communications roles 
and responsibilities. Specifically, additional 
Presidential policy guidance is required to: 

• Clearly delineate the NS/EP and emergency 
communications roles and functions of the NCS, 
the National Cyber Security Division (NCSD), and 
the new Office of Emergency Communications 
(OEC), as established by the DHSAppropnations Act 
of2007, and any other DHS organization, such as 
the Science and Technology Directorate and the 
Federal Emergency Management Agency 
(FEMA), with a role or responsibility in the area of 
emergency communications; 

• Preserve and maintain critical NS/EP functions 
and capabilities that support the national 
leadership; and 

• Ensure executive oversight across the Federal 
Government for a fully coordinated, integrated, 
and interoperable emergency response 
communications function and capability. 

► Include Critical Elements in tbe National Emergency 
Communications Strategy (NECS) and the National 
Emergency Communications Plan (NECP). Incorporate 
the following critical elements in the development, 
maintenance, and execution of the /VfC5and 
associated implementation guidance, and 
directing DHS and other responsible Federal 
agencies to incorporate the elements into the NECP 

• Large-Scale State and Regional Shared Public 
Safety Networks and Federal grants; 

• Yearly benchmarks for achieving defined 
interoperability objectives; 

• Nationwide outreach to support emergency 
response communications; 
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• Identification of specific private-sector 
emergency communications and 
interoperabiiity support roies. 

► Address Emergency Communications in the 

Converged Environment. To encourage responsive 
emergency communications capabilities in the 
converged environment, establish and incorporate 
the following capability objectives into the NECS 
and associated implementation guidance, and also 
direct DHS to incorporate the capability objectives 
into the NECP: 

• Support for a significantly expanded user base; 

• Full leveraging of network assets; 

• Internet protocol based interoperability; 

• Assured access for key users through priority 
schemes or dedicated spectrum; 

• National scope with common procedures and 
interoperable technologies; 

• Deployable elements to supplement and 
bolster operability and interoperability; 

• Resilient and disruption-tolerant 
communications networks; 

• Network-centric principles benefiting 
emergency communications; and 

• Enhanced communications features. 

Upon publication of the NSTAC Report to the President on 
Emergency Communications and Interoperability, the NSTAC 
conducted outreach activities, such as informational 
briefings by the ECITF leadership, on the report’s 
findings and recommendations to educate emergency 
responder stakeholder communities, including Federal, 
State, and local government entities, non-governmental 
organizations, and private sector organizations. The 
NSTAC also used comments from the Executive Office 
of the President (EOP) to frame the future NSTAC work 
strategies, and in discussions with EOP sponsors, who 
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solicited specific NSTAC assistance in evaluating how 
Internet Protocol-enabled capabilities and technologies 
might play a role in enhancing emergency 
communications interoperability. 

Actions Resulting from NSTAC Recommendations 

As a result of the devastation caused during the 2005 
hurricane season and informed by the NSTAC’s 
associated recommendations, DFIS, in conjunction 
with other Eederal agencies, has undertaken several 
actions to ensure successful emergency 
communications for future emergencies. 

In relation to the NSTAC recommendation to create a 
deployable communications capability for the Gulf 
Coast region in accordance with the Eebruary 2006 
Eederal response to Hurricane Katrina: Lessons Learned 
recommendation 37, DFIS and the Department of 
Commerce announced the release of the Public 
Safety Interoperable Communications Grant Program, 
providing nearly $1 billion in grant funding to States 
and urban areas to improve interoperable 
communications capabilities, including deployable 
communications. December 3, 2007, was the 
deadline for submissions of each State and Territory’s 
Investment Justification and their State-wide 
Communications Interoperability Plans. The 
submissions are currently under DFIS review. In 
addition, the NCS is working with the Department of 
Justice (DOJ) Wireless Management Office to include 
the DOJ’s Satellite Mutual Aid Radio Talkgroup for the 
Satellite Priority Service pilot offering. The pilot 
offering will provide reliable communications, 
independent ot public switched telephone network 
infrastructure damage, to Federal, State, and local 
emergency responders at all levels of Government in 
a disaster region. 

In order to enhance the TSP Program for Wireless 
Networks, the NCS has taken concrete steps to 
address the needs of the priority services, which were 
highlighted by hurricanes Katrina, Rita, and Wilma. 
Specifically, the NCS outreached further to expand 
the coverage and capabilities of the Government 
Emergency Telecommunications Service (GETS), 
WPS, and TSP-user knowledge by increasing 
awareness of the priority services and educating 
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State and local governments. Regarding the NSTAC 
recommendation on expanded TSP for wireiess 
users, the NCS recommended that the NCS 
Committee of Principals’ Priority Services Working 
Group research and consider the feasibility of the 
NSTAC recommendation. Efforts reiating to the 
utilization of the existing TSP program include 
assigning 65,257 TSP codes to the wireless carriers 
since 2001 to ensure land lines that support cell 
towers have restoration priority. Work continues with 
Federal, State, and local partners resulting in an 
increase of over 100,000 TSP assignments over the 
past five years. 

In order to establish a uniform protocol for the 
identification of Federal, State, and local Government 
emergency management and coordinators’ contact 
information, the NCS identified the Emergency 
Support Function (ESF) 2—Communications, related 
emergency management and coordinator’s contact 
information, which was considered and addressed as 
an element of the NCS ESF-2 Operations Plan and the 
updated Gulf Coast emergency communications 
plans. In addition, the NCS increased its visibility and 
outreach efforts at the State and local level through 
in-region placement of NCS support personnel with 
specific State/local coordination responsibilities. 

FEMA regions IV, VI, and VIII have this representation 
through contractor personnel. In the other FEMA 
regions, the NCS continued to leverage its partnership 
with representatives from the General Services 
Administration in their role as communications 
regional managers. Finally, the NCS continues to 
coordinate with the Federal Communications 
Commission’s Public Safety and Homeland Security 
Bureau in its mission to address public safety, 
homeland security, national security, emergency 
management and preparedness, and disaster 
management in order to achieve more effective 
distribution and sharing of contact information. 

The NCS is working to improve NS/EP policy to 
support emergency communications by clarifying the 
roles and responsibilities in disaster response 
scenarios. Specifically, the National Response 
Framework ESF-2 Annex designates NCS as the 
primary agency for communications infrastructure 


restoration, FEMA as the primary agency for tactical 
communications response efforts, and NCSD and the 
United States Computer Emergency Readiness Team 
as the coordinating agency for a cyber incident. In 
addition, the NCS provided comments to the FOP 
regarding NCS Directive 3-10, Minimum Requirements for 
Continuity Communications Capabiiities; developed the 
accompanying NCS Manual 3-10-1, Guidance for 
imptementing NCS Directive 3-10, which is now final; and 
developed the draft NCS Handbook 3-10-1, Guidance 
for improving Route Diversity within Locai Access Networks, 
which is currently out for comment. Furthermore, 
National Security Presidential Directive 51/Homeland 
Security Presidential Directive 20, Nationai Gontinuity 
Poiicy, established the National Continuity Coordinator 
to the President. 

In order to include critical elements in the NEGPand 
address emergency communications in the converged 
environment, the OEC is leading the development of 
the NECP in cooperation with State, local, and tribal 
Governments; Federal departments and agencies; 
emergency response providers; and the private sector. 
One of the key inputs into the NEGP is the NSTAC Report on 
Emergency Communications and interoperabiiity, including the 
critical capability objectives identified by the NSTAC. 
The NECP is being coordinated with industry through 
the Communications Sector Coordinating Council. In 
addition, the Telecommunications Industry Association 
provided additional input into the NECP, with the final 
version of the report due to Congress in July 2008. 

The NCS is also working to engineer and deploy a pilot 
satellite augmentation service to the GETS/WPS 
whereby backup satellite service for approximately 70 
emergency operation centers and other critical 
communications sites will be made available and 
include additional routing enhancements in the Public 
Switched Telephone Network (PSTN). The Satellite 
Priority Service will be resilient to PSTN damage. 

Reports Issued 

Letter to the President on Emergency Communications and 
interoperabiiity, March 2006. 

NSTAC Report to the President on Emergency Communications 
and interoperabiiity, January 2007. 
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International Communications 


Investigation Group / Period of Activity 

Network Group 

April 1997 - September 1999 

Convergence Task Force 

June 2000-June 2001 

Network Security Vulnerability Assessments Task Force 

June 2001 - March 2002 

Next Generation Networks Task Force 

May 2004 - May 2006 

International Task Force 

May 2006 - August 2007 

Issue Background 

For many years, global communications networks 
have functioned in a period of transition as customer 
demands and business imperatives cataiyzed the 
convergence of traditionai circuit switched networks 
with broadband packet-based Internet Protocol (IP) 
networks to create the telecommunications industry’s 
Next Generation Network (NGN). Although the 
President’s National Security Telecommunications 
Advisory Committee (NSTAC) expects the complete 
evolution to the NGN to take several years, this evolving 
network infrastructure, which includes wireless, 
wireline, and IP technologies, will alter the way 
governments and private industry meet their national 
security and emergency preparedness (NS/EP) 
communications needs. In fact, the emergence of the 
NGN has already effected change in a profound way. 
Many network service providers now have the 
capability to carry voice, video, text, and data 
transparently to numerous categories of end-user 
devices, a key characteristic of the NGN. Mobile 
phones able to access an array of Web-based services 
represent only one example of this enhanced ability. 
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The scale, scope, and character of the NGN 
fundamentally changes the way government and 
service providers must plan for, prioritize, and 
ultimately deliver NS/EP communications. NGN 
networks, which are largely packet-switched networks, 
differ greatly from legacy circuit-switched networks. 

Eor example, packet-switched environments place 
control capabilities at the network “edge” and rely 
heavily on intelligent devices to execute key functions. 
In this new environment, NS/EP and critical business 
communications will be subject to an increased 
number of cyber threats based on inherent 
vulnerabilities and interdependencies known or 
expected to exist in the NGN. With these changes, 
network operators, infrastructure custodians, and 
NS/EP users must determine how best to meet NS/EP 
user requirements on the NGN. 

The transition to the NGN also presents challenges 
for ensuring the security and availability of NS/EP 
communications. In addition to the vulnerabilities that 
arise due to the packet-switched nature of the NGN, 
some vulnerabilities that already existed in legacy 
networks will persist or worsen in the NGN. For 
example, the enhanced interconnectedness of the 
NGN can be exploited by hackers to provide rapid and 
far-reaching propagation of malicious payload (attacks). 
Another vulnerability is the emulation of network control 
messages. Unlike legacy networks, which used 
separate paths to divide network control messages 
from normal network payload, NGN architectures have 
network control messages co-existing with normal 
payload traffic, providing more open access to hackers 
to interfere with these messages. These and other 
vulnerabilities create complex risk scenarios for NS/EP 
communications in an NGN environment, which also 
depends on other infrastructures such as the electric 
power industry. A further challenge is the global nature 
of the NGN and, thus, methods for managing incidents 
of national significance may require international 
cooperation. To ensure NS/EP functions remain a 
priority in the transition to the NGN, these concerns 
must be addressed. 

At the same time, the NGN offers significant 
improvements for the delivery of NS/EP 
communications capabilities as bandwidth and 


15 


ACTIVE ISSUES ◄ 2007-2008 NSTAC Issue Review The President’s National Security Telecommunications Advisory Committee 


software continue to improve. New communications 
capabilities, including greater access to data and 
new services, will better support NS/EP functions in 
critical ways, enabling first responders, for example, 
to obtain real-time access to voice, data, and video 
necessary for the most effective completion of their 
jobs. The NGN will also naturally increase network 
robustness and resiliency by the nature of its mesh 
architecture, offering many possible paths for service 
and redundancy of equipment and servers. To 
achieve the benefits of such new capabilities and 
greater resiliency, and to speed and enhance the 
transition to NGN, solutions must be found that 
address NS/EP functional requirements, especially 
for security and availability. Doing so requires 
forward-looking action by industry and Government. 

The NGN interconnects with worldwide networks, 
which are themselves developing into a global, seamless 
infrastructure, to deliver communications services 
across national borders. This global interconnectivity 
brings with it inherent risks, as information passes over 
parts of the network that are more diverse in security, 
architecture, and management, particularly in some 
foreign network segments and infrastructures. These 
foreign network entities may be more vulnerable to 
intrusion, deliberate disruption, or accidental damage. 
The U.S. communications infrastructure is now 
dispersed across numerous companies and 
organizations and spans the telecommunications and 
information technology industries. 

With the emergence of this converged global network, 
additional operational security concerns related to 
access and remediation during system disruptions 
are emerging, affecting the delivery of NS/EP 
communications. This convergence now prompts 
governments and critical infrastructure private-sector 
owners to reevaluate how NS/EP communications 
needs are being met today and in the future. 

History of NSTAC Actions and Recommendations 

NSTAC has an extensive history of examining 
the NS/EP implications of the transition of the 
Nation’s telecommunications networks to the NGN 
environment and providing the President with forward 
looking and innovative recommendations. In its 


Internet Report: Examination of the National Security and 
Emergency Preparedness Implications of Internet Technologies 
Report, published in June 1999, the NSTAC examined 
three key transition factors—the extent to which 
NS/EP operations depend on the Internet, the 
network control element vulnerabilities associated 
with the Internet and their ability to cause a severe 
disruption of Internet service, and how Internet 
reliability, availability, and service priority issues 
applied to NS/EP operations. 

In its June 2001 Convergence Report, the NSTAC 
furthered its network transition-related work to 
specifically analyze the potential security and reliability 
vulnerabilities associated with converged networks. Its 
Network Security Vulnerability Assessments Report, released In 
March 2002, addressed public network policy and 
technical issues related to network disruptions, the 
security and vulnerability of the converged network 
control space, and needed countermeasures to 
mitigate against these vulnerabilities. Issues presented 
by convergence also arose during the committee’s 
examination of the resiliency of networks supporting 
the financial services sector to physical disruptions. 

In 2005 and 2006, the NSTAC looked at five 
fundamental areas of examination: (1) NGN description; 

(2) NGN service scenarios and user requirements; 

(3) end-to-end services provisioning; (4) NGN threats 
and vulnerabilities; and (5) incident management on the 
NGN. The committee offered recommendations to the 
President in March 2005 on issues that could be 
addressed quickly to improve NS/EP communications, 
and in March 2006 made its final recommendations in 
the areas of identity management; coordination on 
common operational criteria for NGN NS/EP end-to-end 
services; research and development; technology 
lifecycle assurance and trusted technology; resilient 
alternate communications; agreements, standards, 
policy, and regulations; incident management on the 
NGN; international policy; and first responders. 

Building on prior work, at the NSTAC XXIX Meeting in 
May 2006, the committee requested an in-depth 
examination of the NS/EP implications of international 
communications. The NSTAC’s prior body of work, as 
well as the analyses in this inquiry, suggested that 
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NS/EP communications requirements can be 
achieved oniy if industry and Government 
infrastructure stewards coilaborate to develop policies 
and best practices responsive to the international 
communications environment. Based on this 
investigation, the NSTAC issued its Report to the 
President on International Communications during cycle 
XXXI. For further detail on the efforts of the NSTAC 
related to the NGN, please see the Network 
Convergence section in the Previously Addressed 
section of this NSTAC Issue Review. 

As a result of international NS/EP communications 
concerns voiced at the NSTAC XXIX Meeting in 
connection with the NSTAC’s NGN study, the NSTAC 
established the International Task Force (ITF). The 
ITF examined international incident management and 
operational protocols, as well as the policy 
frameworks related to the use of NS/EP services over 
the global communications infrastructure. These 
policy and operational issue areas are particularly 
critical in light of expanding U.S. Government-initiated 
collaboration with key allies and global trading 
partners; the international nature of the network, 
provider, and threat environment surrounding cyber 
incidents; and increasing threat to and dependency 
on internationally significant infrastructure operated 
by various foreign entities. 

The NSTAC’s resulting Report to the President on International 
Communications recommended that the President, in 
accordance with responsibilities and existing 
mechanisms established by Executive Order 12472, 
Assignment of National Security and Emergency Preparedness 
Telecommunications Functions: 

► Task the Department of Homeland Security to 
coordinate international planning and development 
with the appropriate Federal Agencies for adoption of 
a global framework incorporating operational 
protocols and response strategies. The framework 
must accomplish the following: 

• Address physical and cyber events that 
would disrupt the availability of critical global 
infrastructure services; 
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• Ensure private sector participation in 
developing the framework to leverage extensive 
expertise and existing relationships; 

• Support the use of identity management 
solutions that address NS/EP requirements 
for normal operations and all-hazards 
crisis response; and 

• Examine, with the help of private sector 
partners, existing U.S. laws and policies that 
could prevent service providers and other 
stakeholders from taking the necessary 
proactive measures to restore service and 
prevent harm to NS/EP users for government 
essential operations during a crisis. 

► In the interim, task Federal Agencies to expand 
relationships and response coordination using 
formal and reciprocal agreements with Allied 
governments to include participation from selected 
International service providers and other 
stakeholders into existing joint U.S. Government 
and private-sector response and coordination 
processes and entities, such as the U.S. Computer 
Emergency Readiness Team and the National 
Coordinating Center. 

Actions Resulting from NSTAC Recommendations 

The National Communications System Committee of 
Principals formed the International Communications 
Working Group (ICWG) to examine issues raised by 
and relating to the NSTAC Report to the President on 
International Communications, and to work in concert 
with the private sector to assess how to implement 
NSTAC recommendations. The ICWG will assess the 
broad range of issues and requirements inherent in 
the establishment and global adoption of a framework 
to enhance the resiliency of the global 
communications infrastructure. 

Reports Issued 

Network Group Internet Report: An Examination of the NS/EP 
Implications of Internet Technologies, June 1999. 

Convergence Report, June 2001. 
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The President's National Security Telecommunications 
Advisory Committee Network Security Vulnerability Assessments 
Report, March 2002. 

Next Generation Networks Report: Near Term 
Recommendations, March 2005. 

Next Generation Networks Report, March 2006. 

NSTAC Report on International Communications, August 2008. 
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Global Infrastructure Resiliency 

Investigation Group / Period of Activity 

Global Infrastructure Resiliency Working Group 

August 2006 - October 2006 

Global Infrastructure Resiliency Task Force 

May 2007 - Present 

Issue Background 

The increasing dependence on and the vulnerability 
of the global communications infrastructure highlights 
the importance of establishing mitigation measures 
for crifical services and protecfion measures to 
ensure critical national security and emergency 
preparedness (NS/EP) telecommunications functions 
in the event of a cafastrophic disruption to the global 
communications infrastructure. 

History of NSTAC Actions and Recommendations 

Due to these concerns, the President’s National 
Security Telecommunications Advisory Committee 
(NSTAC) formed the Global Infrastructure Resiliency 
Working Group in response to a request from the 
National Security Council to develop operational 
recommendations to Improve the overall resiliency of 
the global communications Infrastructure. The group 
developed the NSTAC Report on Global Infrastructure 
Resiliency \n October 2006, a sensitive report 
designated For Official Use Only. 

The NSTAC reestablished the Global Infrastructure 
Resiliency Task Force (GIRTF) in May 2007, to 
address requests from the Department of Defense 
(DOD) and the Executive Office of the President 
(FOP). Specifically, DOD raised concerns regarding 
the risk to national security associated with the 
provisioning of network management services to 
domestic service providers from infernational network 
operations centers (NOC). As a result, the GIRTF 
reviewed relevant operations practices associated 
with NOCs, examined risks inherent in such 
operations, and outlined the steps that service 
providers have taken to manage those risks. In 
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February 2008, the task force completed the NSTAC 
Report on Network Operations Centers, also designated For 
Official Use Only, to address DOD’s concerns. 

The FOP asked the NSTAC to examine concerns 
regarding the risk, if any, to Internet Protocol (IP) 
NS/EP communications traffic during times of 
nefwork congestion. Specifically, the FOP solicited 
NSTAC’s recommendations to determine the best 
manner for IP NS/EP traffic to traverse the network 
assuming network congestion occurs. The task force 
confinues to investigate this issue. 

Reports Issued 

NSTAC Report on Global Infrastructure Resiliency, October 2006. 

NSTAC Report on Network Operation Centers, February 2008. 

Global Infrastructure Resiliency Task 
Force Membership 

AT&T, Incorporated 

Mr. Thomas Hughes, Chair 
Ms. Rosemary Leffler 

Bank of America Corporation 

Mr. Roger Callahan 

The Boeing Company 

Mr. Robert Steele 

Computer Sciences Corporation 

Mr. Guy Copeland 

Intelsat General 

Mr. Sterling Winn 

Juniper Networks 

Mr. Robert Dix, Vice Chair 

Microsoft Corporation 

Mr. Paul Nichols 

Nortel Networks Corporation 

Dr. Jack Edwards 
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Qwest Communications 

Ms. Kathryn Condello 
Mr. Thomas Snee 

Science Applications International Corporation 

Mr. HankKIuepfel 

Sprint Nextel Corporation 

Ms. Alison Growney, Vice Chair 

Telcordia Corporation 

Ms. Louise Tucker 

Verizon Wireless 

Mr. Jim Bean 
Mr. Mike Hickey 

Other Global Infrastructure Resiliency Task Force 
Industry Participants 

George Washington University 

Dr. JackOslund 

Microsoft Corporation 

Ms. Cheri McGuire 
Mr. Phillip Reitinger 

Sprint Nextel Corporation 

Ms. Maria Cattafesta 

Verisign, Inc. 

Mr. William Graved 
Mr. Tony Rutkowski 

Verizon Communications, Inc. 

Mr. Marcus Sachs 
Mr. Frank Sally 


Global Infrastructure Resiliency Task Force 
Government Participants 

Department of Defense 

Mr. R.J. Arneson 
Ms. Catherine Creese 
Ms. Hillary Morgan 

Department of Homeland Security 

Mr. Will Williams 

Federal Communications Commission 

Mr. Gregory Cook 
Federal Reserve Board 
Mr. Wayne Pacine 
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Commercial Communications 

Reliance on the 

Global Positioning System 

Investigation Group / Period of Activity 

Commercial Satellite Survivability Task Force 

December 1982 - April 1984 
June 1988 - March 1990 

Satellite Task Force 

September 2003 - January 2004 

Global Positioning System Working Group 

July 2007 - February 2008 

Issue Background 

The U.S. Government’s commitment to provide and 
maintain civil space-based positioning, navigation, and 
timing services, such as Giobal Positioning System 
(GPS), free of direct user fees for civil, commercial, 
and scientific uses has encouraged the rapid adoption 
of GPS-based solutions throughout the commercial 
communications industry. In today's environment, 

GPS supports a broad range of commercial 
communications industry functions and applications; 
the primary use of GPS in each industry segment is in 
support of the networks’ precise timing and 
synchronization requirements. Companies selected 
and widely implemented GPS-based solutions primarily 
because GPS provides an inexpensive, 
globally-available, and highly reliable Stratum 1-quality 
reference source. As the commercial communications 
network infrastructure continues to evolve toward a 
high-speed all-digital environment, accurate timing and 
synchronization functions that support the 
infrastructure are becoming more critical. 

History of NSTAC Actions and Recommendations 

At the first formal meeting of the President’s National 
Security Telecommunications Advisory Committee 
(NSTAC) on December 14, 1982, the NSTAC agreed 
to emphasize commercial satellite communications 
survivability initiatives. The NSTAC directed the 
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Commercial Satellite Survivability (CSS) Task Force 
Resource Enhancements Working Group to 
assess the vulnerability of the commercial satellite 
communications network and the enhancements to 
the national security and emergency preparedness 
(NS/EP) telecommunications infrastructure that the 
use of commercial carrier satellites and Earth 
terminals could provide. 

In June 1988, the NSTAC Industry Executive 
Committee reactivated the CSS Task Eorce to review 
the proposed objectives and implementation 
initiatives of the commercial satellite communications 
Interconnectivity Phase II Architecture and offer 
recommendations. In March 1990, the NSTAC 
approved the final report of the reactivated CSS Task 
Force, which concluded that the Commercial 
SATCOM Interconnectivity Phase II Architecture 
approach was reasonable, and made several 
recommendations to the Government. 

The terrorist attacks on September 11, 2001, raised 
security concerns about the protection of the Nation’s 
vital telecommunications systems against threats, 
and raised awareness that a Federal program did not 
exist to ensure NS/EP communications via 
commercial satellite systems and services. 

In response to a January 2003 request from the 
Director, National Security Space Architect, the 
NSTAC reviewed and assessed policies, practices, 
and procedures for the application of infrastructure 
protection measures to commercial satellite 
communications systems used for NS/EP 
communications. Specifically, the NSTAC reviewed 
applicable documentation addressing vulnerabilities in 
the commercial satellite infrastructure and identified 
potential policy changes that would bring the 
intrastructure into conformance with a standard for 
mitigating those vulnerabilities. As a part of its review, 
the NSTAC also considered GPS timing capabilities 
and developed initial findings and a recommendation 
for further study of GPS-related issues. 

At the 2007 NSTAC Meeting, Ms. Prances Eragos 
Townsend, Assistant to the President for Flomeland 
Security and Counterterrorism, requested that the 
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NSTAC begin a scoping effort to further evaluate the 
commerciai communications infrastructure’s reiiance 
on GPS. Ms. Townsend calied for the NSTAC to 
present its findings and recommendations for 
White House evaluation. 

In response to this request, the NSTAC formed a 
working group composed of industry and Government 
representatives to review findings from the March 2004 
NSTAC Satellite Report on GPS vulnerabilities within the 
commercial satellite infrastructure, as well as the 
findings and recommendations of the August 2001 
Vulnerability Assessment of the Transportation Infrastructure Relying 
on the Gtobai Positioning System, prepared by the Voipe 
National Transportation Systems Center. The working 
group also examined the commercial communications 
reliance on GPS and the possible impacts that loss or 
disruption of GPS could have on the commercial 
communications industry, including its reliance on GPS 
for synchronizing local timing clocks. 

The NSTAC found that the Federal Government’s 
commitment to provide and maintain free civil 
space-based positioning, navigation, and timing GPS 
services promotes vast commercial communications 
industry adoption of GPS-based solutions, supporting a 
wide range of industry functions and applications. The 
NSTAC also found that short-term loss or disruption of 
GPS will have minimal impact on the commercial 
communications infrastructure and its operations with 
the exception of wireless Enhanced 911 (E911) Phase II 
requirements. Short-term loss or disruption of GPS 
signals will affect the ability of E911 dispatchers to 
determine accurate location information. In addition, 
the NSTAC determined that the precise consequences 
of medium-to-long-term GPS loss or disruption will vary 
based on multiple factors. The NSTAC noted that a 
complete and catastrophic loss of GPS over an 
extended period of time (for example, more than one 
month) and its affect on a large geographic area 
(such as, nationwide, continental, global) is extremely 
unlikely. The NSTAC determined that due to the 
improbability of such an event, overall impact is more 
difficult to ascertain. 


As a result of its findings, the NSTAC recommended 
that the President direct the Department of Homeland 
Security and the Department of Defense (DOD) to: 

► Include various GPS outage scenarios in future 
planned disaster recovery exercises in coordination 
with the commercial communications industry. The 
National Communications System (NCS) will 
consider opportunities in fiscal year 2009 exercise 
season to entertain incorporation of GPS outage 
scenarios in its Tier 1 exercise planning. 

Actions Resulting from NSTAC Recommendations 

The NCS reviewed the NSTAC report and plans to 
work with DOD to incorporate GPS outage scenarios, 
and particularly a long-term and widespread GPS 
disruption scenario in future exercises. 

Reports Issued 

Issue Papers for Commercial Communications Sateiiite Systems 
Survivabiiity Initiatives, March 1983. 

Commerciai Sateiiite Communications Survivabiiity Report, 
prepared by the CSS Task Force Resource Enhancements 
Working Group, May 1983. 

Addendum to the Commerciai Sateiiite Communications 
Survivabiiity Report, May 1983. 

CSS Status Report, April 1984. 

Finat Report of the CSS Task Force, December 1989. 

Finai Report of the CSS Task Force, Appendix A, Technicai 
Subgroup Report, December 1989. 

Finai Report of the CSS Task Force, Appendix B, Operationai 
Subgroup Report, December 1989. 

Finai Report of the CSS Task Force, Appendix C, Internationai 
Subgroup Report, December 1989. 

Sateiiite Report, March 2004. 
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Rockwell Collins, Incorporated 

Mr. Ken Kato 

Verizon Communications, Incorporated 

Mr. Roger Higgins 

Global Positioning System Working Group 
Government Participants 

Department of Homeland Security 

Mr. Kelvin Coleman 


Bank of America Corporation 

Mr. Roger Callahan 

The Boeing Company 

Mr. William Patrick Reiner 
Mr. Robert Steele 

Intelsat, Limited 

Mr. Sterling Winn 

Lockheed Martin Corporation 

Mr. Allen Dayton 

National Cable & Telecommunications Association 

Mr. Andy Scott 

Qwest Communications International, Incorporated 

Ms. Diana Gowen 
Mr. Thomas Snee 

Science Applications International Corporation 

Mr. HankKIueptel 

Sprint Nextel Corporation 

Mr. Lee Fitzsimmons 
Ms. Allison Growney 
Mr. John Stogoski 

Raytheon Company 

Mr. Bill Russ 


Global Positioning System Working Group Membership 

Intelsat, Limited 

Mr. Richard DalBello, Chair 

The Boeing Company 

Mr. Marc Johansen, Vice-Chair 

Verizon Communications, Incorporated 

Mr. James Bean, Vice-Chair 

AT&T, Incorporated 

Mr. Thomas Hughes 
Ms. Rosemary Leffler 
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Network Security 

Investigation Group / Period of Activity 

Network Security Scoping Group 

September 2007 - May 2008 

Issue Background 

The interest in and concern about network and 
ecosystem security is increasing in the nationai 
security and emergency preparedness (NS/EP) 
communications, intelligence, and defense 
communities, as weii as in agencies across the Federal 
Government. Technological advances brought upon by 
the convergence of wireless, wireline, and Internet 
Protocol networks, as well as increasing threats from 
more sophisticated adversaries, are shifting the way 
the Government will need to respond to ensure NS/EP 
communications services, priority, and reconstitution. 

The United States' Information and Communications 
Technology (ICT) infrastructure is increasingly 
targeted for exploitation and potentially for disruption 
or destruction by a growing number of state and 
non-state adversaries. As cyber attacks and 
exploitation activity against U.S. networks have 
increased significantly and become more targeted 
and serious there is a need to address the security of 
U.S. networks. Additionally, there is a necessity to 
provide a complementary, coordinated approach to 
critical infrastructure and key resources protection. 

History of NSTAC Actions and Recommendations 

The President’s National Security Telecommunications 
Advisory Committee (NSTAC) principals emphasized the 
importance of reevaluating network security issues at 
the 2007 NSTAC Meeting. Specifically, members 
highlighted the complexity of global network security, 
noting that the increasingly global, interdependent, and 
converged network environment has resulted in new 
challenges and threats for NS/EP communications. 

The NSTAC established its Network Security Scoping 
Group (NSSG) at the September 20, 2007, NSTAC 
Industry Executive Subcommittee working session to 
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scope future NSTAC work in the area of network 
security. The NSSG performed two primary analytical 
exercises as part of its investigation: (1) a study of 
current and previous NSTAC, Federal Government, 
and standards-making bodies' activities in the area 
network security; and (2) a comprehensive listing of 
network security issues of concern to the NSTAC in 
the form of a terms of reference document. The 
NSSG collaborated with the Executive Office of the 
President (EOP) to leverage its guidance and 
expertise in order to identify specific issue areas of 
immediate concern for further investigation. 

In accordance with the National Security 
Presidential Directive 51/Homeland Security 
Presidential Directive 20, National Continuity Policy, the 
NSSG coordinated with the EOP to focus on specific 
areas of the national ICT framework that support 
critical Government functions. These functions are 
primarily responsible for ensuring that national 
security protection resources are maintained during 
a catastrophic emergency. The NSSG identified three 
main areas of immediate concern in the area of 
network security: 

► “Core Network Security” issues pertain to the 
potential strengths and weaknesses of the core 
network. The Nation’s communications core 
networks are a collection of multiple service 
providers’ networks that provide a high level of 
redundancy and availability of service due to 
interoperability and service agreements. 
Congestion is a key issue for moving traffic in the 
core. Congestion can be caused by failures of 
network segments which push additional traffic 
onto other routes as well as by malicious data 
flooding on network segments, commonly called 
“denial of service attacks” or “botnet attacks.” 
Concerns about the operation of the core network 
revolve around ensuring service availability, 
accurate delivery of content, and security of 
information being delivered. 

► “End-to-End Network Defense” relates to meeting 
NS/EP requirements and undertaking network 
defense in the extremely complex next generation 
networks (NGN) ecosystem where endpoints. 
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users, applications/services, and networks are 
neither homogenous nor managed by a single 
entity. While the NGN environment enables a 
variety of users and devices to more conveniently 
access the network, it also presents more sources 
of vulnerability. In this diverse landscape, stronger 
mechanisms for ensuring trusf and nefwork 
managemenf is needed to defend the end-to-end 
cyber ecosystem. 

► “Design Issues" include latent failure modes in 
nefwork equipmenf. The design of nefwork 
equipmenf involves people and processes, and 
potenfial corruption can occur at the various 
stages. The latent failure modes deal with 
undocumented characteristics not discovered 
during functional acceptance testing. These 
modes can result from incomplete or mistaken 
interpretation of fhe specificafion or malicious 
software or hardware capabilities skillfully hidden 
within the gear. The key issue in this area is the 
ability to maintain the authenticity of the supply 
chain process, which is extremely difficult with the 
evolving open connectivity and diversity of devices 
on fhe nefwork. 

The NSSG presented the three issue area scoping 

documents at the 2008 NSTAC Meeting. 

Network Security Scoping Group Membership 

Nortel Networks Corporation 

Dr. Jack Edwards, Chair 

Verizon Communications, Incorporated 

Mr. Jim Bean, Vice Chair 

Mr. Marcus Sachs 

Microsoft Corporation 

Mr. Jerry Cochran, Vice Chair 

AT&T, Incorporated 

Mr. Tom Hughes 

Bank of America Corporation 

Mr. Roger Callahan 
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The Boeing Company 

Mr. Robert Steele 

Computer Sciences Corporation 

Mr. Guy Copeland 

Juniper Networks Incorporated 

Mr. Bob Dix 

Qwest Communications International, Incorporated 

Ms. Kathryn Condello 
Mr. Tom Snee 

Raytheon Company 

Mr. Frank Newell 

Telecordia Technologies, Inc. 

Ms. Louise Tucker 

Science Applications International Corporation 

Mr. Henry Kluepfel 

Sprint Nextel Corporation 

Ms. Allison Growney 
Mr. John Stogoski 

Unisys Corporation 

Mr. Rick Roach 

Other Network Security Scoping Group Participants 

AT&T, Incorporated 

Ms. Rosemary Leffler 

Department of Defense 

Mr. Anthony Bargar 

Department of Homeland Security, 

Dffice of Infrastructure Protection 

Ms. Cristina Watson 

EWA/ITT 

Mr. Michael Aisenberg 

Federal Communications Commission 

Mr. Richard Hovey 
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Science Applications International Corporation 

Mr. Mark Lauver 

Sprint Nextel 

Mr. Lee Fitzsimmons 

Unisys Corporation 

Mr. Paul NiCandri 

USTelecom 

Mr. Anthony Jones 

Verisign 

Mr. William Gravell 

Network Security Scoping Group 
Government Participants 

Department of Homeland Security 

Ms. Sue Daage 
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Legislation and Regulation 

Investigation Group / Period of Activity 

Funding and Regulatory Working Group 

December 1982 - December 1994 

Legislative and Regulatory Group 

December 1994 - September 1999 

Legislative and Regulatory Working Group 

September 1999 - February 2001 

Legislative and Regulatory Task Force 

February 2001 - Present 

Issue Background 

Laws and regulations govern the relationship 
between the Government and the public and provide 
the framework under which public and private 
entities conduct business. Within the evolving 
telecommunications environment, it is essential 
that legislation and regulation keep pace with 
technological changes to ensure continued fulfillment 
of national security and emergency preparedness 
(NS/EP) requirements. It is within this context that 
the President's National Security Telecommunications 
Advisory Committee (NSTAC) review legal and 
regulatory activities that could impact NS/EP 
services, operations, and communications and 
considers areas for which there is a need for further 
legislative and regulatory action. 

History of NSTAC Actions and Recommendations 

The investigation of legislative and regulatory issues of 
consequence to NS/EP communications comprises a 
key focus for the NSTAC. Over the course of its 
existence, the committee has examined the implications 
of numerous important topics including: 

► Telecommunications Act of 1996 (Telecom Act); 

► Widespread Telecommunications Outages; 

► National Services Planning Process; 
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► Assessment of Eederal Crifical Infrastructure 
Recommendations; 

► Information Sharing; 

► Transition to the Year 2000; 

► Wireless Communications; 

► Convergence; 

► Foreign Ownership; 

► Cyber Crime; 

► Potential Policy Conflicts with Homeland Security 
and NS/EP Missions; 

► Open Source Information; 

► Support Anti-terrorism by Fostering Effective Technologies 
(SAFEn)Act; 

► Defense Production Act (DPA); 

► Legislative Concerns Associated with the 2005 
Hurricane Season; 

► Telecommunications Circuit Route Diversity Policy; 

► Protected Critical Infrastructure Information; 

► Department of Homeland Security (DHS) 
Organization; and 

► Cyber and Network Security Policies. 

A description of the NSTAC’s activities in each of these 
areas, as well as the evolution of the task force follows. 

Task Force Evolution 

At its inaugural meeting in December 1982, the 
NSTAC established the Funding and Regulatory 
Working Group (FRWG) to examine funding 
alternatives and regulatory issues for candidate 
enhancements to NS/EP telecommunications. The 
FRWG remained active to address additional issues of 
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a legislative and regulatory nature until 1994 when 
the committee decided to stand down the group until 
further issues arose requiring consideration. The 
NSTAC later amended the name of the FRWG to the 
Legislative and Regulatory Group (LRG) that same 
year per the guidance outlined in the December 
1994 NSTAC Industry Executive Subcommittee (lES) 
Guidelines; however, it did not re-activate the LRG 
again until January 1997 following the passage of the 
landmark Telecom Act. Between 1997 and 2001, 

NSTAC renamed the LRG as the Legislative and 
Regulatory Working Group (LRWG) and tasked its 
members to serve as an ad hoc group to investigate 
issues and serve as a supplementary body to NSTAC 
task forces. In Eebruary 2001, the committee again 
amended the task force’s name to the Legislative and 
Regulatory Task Eorce (LRTE) and formally 
established it as a standing body of the NSTAC. 

Telecommunications Act of 1996 

As the first major overhaul of telecommunications 
policy since 1934, the re/ecom/let redefined 
competition and regulation in virtually every sector of 
the communications industry. In response to passage 
of the Telecom Act and the resultant evolving 
telecommunications environment, the NSTAC 
charged the LRG to examine legislative, regulatory, 
and judicial actions that potentially impact NS/EP 
telecommunications, placing particular emphasis on 
monitoring implementation of the Act. 

In addressing this charge, the LRG established a 
framework for analysis, and in January 1997, began 
working closely with industry and Government to 
develop a common understanding of the NS/EP 
implications of the new law. 

Based on the analysis conducted by the task force, 
the NSTAC found that the Telecom Act did not alter 
carrier responsibilities for the provision of NS/EP 
services. However, the committee determined that 
continued change in the regulatory and Industry 
structure warranted increased educational outreach 
efforts for new entrants and existing carriers with 
regard to their mandatory and voluntary obligations. 
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Widespread Telecommunications Outages 

At NSTAC XIX in March 1997, the Assistant to the 
President for Science and Technology asked the 
NSTAC to investigate the possibility of a widespread 
telecommunications outage. Subsequently, the LRG 
analyzed the legal and regulatory obstacles that 
would hinder service restoration during widespread, 
major service outages. As a result, the NSTAC 
presented its related findings in its December 1997 
report discussed during NSTAC XX. The NSTAC 
found the most significant legal and regulatory 
obstacle to be the apparent uncertainty about who 
could expeditiously address carriers’ concerns 
regarding their compliance with relevant laws or 
regulations during emergency situations. 

To further address this finding, the NSTAC charged the 
LRG to examine options for enhancing communication 
on NS/EP matters among industry, the Eederal 
Communications Commission (ECC), and other relevant 
Government organizations. To that end, the LRG 
investigated the role of the ECC Defense Commissioner; 
investigated the need for an NS/EP industry advisory 
body to the ECC on these issues; documented the 
intergovernmental relationships between the ECC, the 
National Communications System (NCS), and the Office 
of Science and Technology Policy with regard to NS/EP 
responsibilities; and worked jointly with the NSTAC’s 
Network Group’s Widespread Outage Subgroup to draft 
procedural guidelines to help telecommunications 
carriers resolve Issues with the ECC when critical 
emergency telecommunications services needed to be 
restored in a timely manner. 

National Services Planning Process 

In July 1997, the Network Reliability and Interoperability 
Council (NRIC) provided the ECC with a series of 
recommendations aimed at improving the planning 
process for National Services and deployable 
telecommunications services intended or required on a 
national or regional basis. The NSTAC agreed that a 
National Services planning process, as conceived by the 
NRIC, could serve as an effective means for promoting 
NS/EP telecommunications requirements. 

Consequently, the committee tasked the LRG to assess 
what actions the NSTAC should take to ensure that 
industry and Government consider NS/EP requirements 
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during the National Services planning process. During 
discussion at NSTAC XX, the committee reviewed the 
task force’s findings and recommended that the lES 
continue to assess the development of the NRIC’s 
national services recommendations. 

Following NSTAC XX, the LRG established the National 
Services Subgroup to study the feasibility of defining 
NS/EP telecommunications functions as National 
Services. The subgroup submitted its National Services 
Subgroup White Paper to NSTAC XXI In September 
1998 geared to facilitating public awareness of selected 
NS/EP-crItIcal telecommunications functions and 
capabilities. The white paper also promoted the 
continued consideration of NS/EP telecommunications 
service objectives by industry and Government during 
the future deployment of NS/EP national services. 

Assessment of Federal Critical Infrastructure 
Recommendations 

In October 1997, the President’s Commission on Critical 
Infrastructure Protection (PCCIP) released its final report 
and recommendations on protecting the Nation’s 
critical infrastructures, including the telecommunications 
infrastructure. Following NSTAC XX, the NSTAC charged 
the LRG to review the potential legislative and regulatory 
implications for NS/EP telecommunications as a result 
of the PCCIP’s recommendations. To address its 
charge, the LRG conducted a preliminary analysis of 
Presidential Decision Directive (PDD) 63, Critical 
Infrastructure Protection, which the President issued on 
May 22, 1998, to support the PCCIP recommendations 
and to establish a national policy to eliminate 
vulnerabilities in the Nation’s critical infrastructures. 
Based on the LRG’s findings, the committee requested 
that the lES undertake a more detailed assessment of 
the planned implementation of PDD-63 and report back 
to it regularly on progress made. 

Information Sharing 

Following NSTAC XXI, and in response to information 
sharing policy outlined in PDD-63, the NSTAC tasked 
the LRG to identify and assess the legal and 
regulatory obstacles to sharing outage and intrusion 
information. To that end, the LRG determined that 
identification and discussion of existing and proposed 
NS/EP-related outage and intrusion information 
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sharing mechanisms could provide additional insights 
to assist the group in assessing critical Information 
sharing issues, particularly those associated with the 
implementation of PDD-63. As a result, and to better 
understand the Information sharing environment and 
the entities involved in the process, the NSTAC 
developed its Report on Telecommunications Outage and 
Intrusion Information Sharing, which outlined the entities 
with whom telecommunications companies shared 
outage and intrusion information and reviewed 
potential legal barriers that could ultimately inhibit the 
information sharing process. 

During NSTAC XXIII, the NSTAC, through its LRWG, 
again examined information sharing issues—this 
time, focusing on the impediments to information 
exchange, especially critical infrastructure information 
(Cll) sharing. As a result, the LRWG undertook an 
In-depth analysis of The Freedom of Information Act {TO\A), 
examining FOIA’s potential to hinder industry 
information sharing with the Government. FOIA 
permits the public to request and gain access to 
records that Government departments and agencies 
maintain, the disclosure of which could deter Industry 
from sharing further information with the 
Government. Although there are a number of 
exemptions to FOIA’s requirements for disclosure of 
information, none of the exemptions clearly cover 
information pertaining to critical Infrastructure 
protection (CIP). The LRWG met several times with 
Department of Justice (DOJ) officials to exchange 
views on perceived problems including liability and 
antitrust concerns and potential legal solutions. 

As a result of the LRWG’s deliberations, the NSTAC 
agreed with DOJ representatives on the need for a 
nondisclosure provision to protect “security-related” 
Information voluntarily shared with the Government. 
The LRWG shared its analysis with the NSTAC’s 
Information Sharing-CIP Task Force, which addressed 
both the technical and legal and regulatory 
FOIA issues in its May 2000 Report on Information 
Sharing-Critical Infrastructure Protection. 

The NSTAC furthered its information sharing work 
during the NSTAC XXIV and XXV cycles. During this 
time, the committee requested the LRTF to examine 
pending FOIA legislation from the 106th and 107th 
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Congresses and to work with Congressional staff to 
determine the status and outlook of the legislation. In 
response to the analysis conducted by the LRTF, the 
NSTAC delivered a letter to President Bill Clinton on 
August 7, 2000, requesting his support on legislation 
that would protect CIP information voluntarily shared 
with the Government from disclosure under FOIA 
and limit liability. Following the NSTAC XXIV Meeting 
in June 2001, the NSTAC acknowledged the 
continued importance of the topic and resubmitted 
the letter to President George W. Bush asking him to 
support such legislation. On September 26, 2001, 
President Bush replied that he supported a narrowly 
drafted exception to FOIA to protect information 
about corporations’ and other organizations' 
vulnerabilities to information wartare and malicious 
hacking. In a December 17, 2001, letter to the 
President, the NSTAC encouraged the President to 
continue to support information sharing legislation. 

The LRTF continued to examine information sharing in 
the NSTAC XXVI and NSTAC XXVII cycles as well. 

During these cycles, Congress passed the CIIAct, which 
provided additional FOIA and liability protections for 
companies that voluntarily share critical infrastructure 
information with DFIS. Following enactment of the CIIAct, 
the NSTAC requested the LRTF to assess whether 
additional information sharing barriers remained and to 
examine other legal and non-legal barriers for the 
purposes of homeland security. As a result of the 
LRTF’s analysis, the NSTAC drafted its Barriers to 
Information Sharing Report, in which it made a series of 
recommendations for improving the exchange of Cl I 
between industry and Government and for protecting 
voluntary Cl I that critical infrastructure owners and 
operators provide to the Government. 

The C///lcf called for the creation of a CIP program 
within DHS that would protect Cll provided to the 
Department trom public disclosure under FOIA and 
other mechanisms. On April 15, 2003, DHS 
published a Notice of Proposed Rulemaking (NPRM) 
in the Federal Register on Procedures for Handling 
Cll. Given the implications for information sharing 
between the public and private sectors, the LRTF 
began evaluating the NPRM and the program it 
proposed. DHS issued its final rule on Procedures for 
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Handling Cll on September 1, 2006, establishing the 
Protected Cll (PCII) Program Office. LRTF members 
noted many laudable provisions but remained 
concerned that the final rule was not sufficiently 
specific on whether information provided DHS under 
contract would receive PCII protections. The task 
force requested the PCII Program Office provide 
clarification on this point. 

The Year 2000 Readiness and Disclosure Act 

In 1998, with the nearing arrival of the new century, 
the NSTAC tasked the LRG to examine relevant 
communications-related year 2000 (Y2K) issues, 
particularly the success of the Year2000 Readiness and 
Disclosure Act (YZKAct) in urging greater information 
sharing within industry. In response, the LRG sent a 
letter to the NSTAC’s lES representatives seeking their 
companies' comments on the Y2KActant any 
additional legislative or regulatory actions that could 
facilitate Y2K-related information sharing and 
remediation. Per request by the President’s Council 
on Y2K Conversion, the NSTAC forwarded a summary 
of the committee’s findings in February 1999. 

Wireless Communications 

During NSTAC XXII, the NSTAC charged the LRG to 
identity the barriers to the issuance of wireless 
telecommunications priority access rules by the FCC 
and to evaluate NSTAC’s level of continued support of 
the Cellular Priority Access Services, (now referred to 
as the Wireless Priority Service [WPS]). During the 
course of the LRG’s examination, the group learned 
that the NCS planned to implement a new approach 
for providing wireless priority access based on channel 
reservation, causing the NSTAC to conclude its study. 

However, during NSTAC XXVI, the LRTF again 
engaged in wireless communications issues when the 
Wireless Task Force requested assistance from the 
LRTF in assessing the legal and regulatory aspects of 
the FCC Report & Order (R&O) on Priority Access 
Service (PAS). The LRTF reviewed the R&O and, 
after carefully considering the merits of reopening the 
PAS rulemaking, the task force concluded that 
revisiting the rules would be a lengthy process and 
could unintentionally slow the deployment ot WPS. As 
a result, the NSTAC sent a letter to the President 
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offering recommendations on how to facilitate the 
widespread deployment of wireless PAS. In the letter, 
the NSTAC commended the FCC for adopting a 
Second R&O for PAS, which indicates that carriers 
providing PAS shall have liability immunity from 
Section 202 of the Communications Act of 1934. The 
letter also stated that the FCC and the National 
Telecommunications and Information Administration 
should accelerate ongoing efforts to improve 
interoperability among Federal, State, and local public 
safety communications agencies. The letter further 
encouraged the Administration to support full and 
adequate Federal funding for wireless PAS. 

Convergence 

During NSTAC XXII, the LRG reviewed convergence 
issues in light of legislative, regulatory, and judicial 
actions that might affect existing and future 
public networks and potentially impact NS/EP 
telecommunications. The LRG’s preliminary analysis 
of convergence revealed no significant implications 
for NS/EP telecommunications. 

During the NSTAC XXV cycle, the NSTAC tasked the 
LRTF to undertake a further analysis of convergence 
issues, examining whether the current legal and 
regulatory environment was adequate to ensure NS/EP 
services in the converged and next generation networks 
(NGN) environment. To accomplish its tasking, the 
LRTF coordinated with participants in the Government’s 
Convergence Task Force to discuss the status of fhe 
Government’s work in the area of network convergence 
and the assurance of NS/EP communications services. 

The LRTE concluded that until the standards for 
packet-based services were established and the 
Government’s requirements in the evolving 
environment were certain, new legislation or 
regulation was premature. The task force also stated 
that the legal issues underlying the provisioning of 
NS/EP priority services to the Eederal Government in 
an NGN environment were extremely complex and 
might require further study. Based on the 
convergence analysis conducted by the LRTE and the 
Network Security Vulnerability Assessments Task 
Eorce, the NSTAC issued its Report on Network Security 
Vutnerabitity Assessments in March 2002. 
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Foreign Ownership 

During NSTAC XXIII, the NSTAC engaged the LRWG 
to conduct an examination of foreign ownership 
regulations and their possible impact on NS/EP 
communications. The task force examined domestic 
regulatory history and analyzed several mergers and 
acquisitions between domestic and foreign 
telecommunications carriers, ultimately finding fhat 
the current regulatory structure satisfied the different 
interests of the industry and Government parties 
involved. The LRWG concluded that it was unclear 
whether further statutory or regulatory changes would 
effectively enhance the role of national security issues 
in foreign ownership situations at that time. The 
LRWG documented its findings in a working group 
paper and shared its analysis with the NSTAC’s 
Globalization Task Eorce (GTF). Based on the analysis 
conducted by the LRWG and the GTE, the NSTAC 
issued its Giobaiization Report in May 2000. 

Cyber Crime 

At the request of the NSTAC during cycle XXVI, the 
LRTE examined existing legal penalties for committing 
Internet attacks to determine whether those penalties 
should be strengthened or whether additional penalties 
were needed. In its Report on Penaities for internet Attacks and 
Cyber Crime, the NSTAC concluded sufficient legal 
authority exists to penalize and deter those who commit 
cyber crimes. The NSTAC also made additional 
recommendations for pursuing a well-rounded and 
proactive approach to combating cyber crime. 

Potentiai Poiicy Confiicts with Homeiand Security 
and NS/EP Missions 

During the NSTAC XXVII cycle, and in response to 
an NSTAC request, the LRTE reviewed the policy 
landscape for national policies and regulations that 
could potentially conflict with homeland security and 
NS/EP missions. More specifically, the LRTE 
examined telecommunications policy conflicts related 
to fuel storage, water sector infrastructure, critical 
facilities markings, jurisdictional conflicts, and 
common underground facilities. The task force 
determined that policy conflicts existed due to the 
existence of overlapping and contradictory policies 
and regulations at the Eederal, State, and local levels. 


37 


STANDING ISSUES ◄ 2007-2008 NSTAC Issue Review 


In response to the LRTF’s analysis, the NSTAC 
sent a letter to President Bush in October 2003 
recommending that he ask the Homeiand Security 
Council, the National Security Council, and Federal 
departments and executive agencies, including 
independent agencies, to undertake several activities. 
These activities included evaluating proposed policies 
and regulations to ensure that homeland security and 
NS/EP implications have been consolidated; 
completing a review of existing policies and regulations 
for potential cross-sector conflicts with homeland 
security and NS/EP priorities and working with DEIS to 
promptly resolve any identified conflicts; and 
implementing a framework to resolve multijurisdictional 
(Federal, State, and local) conflicts and, if necessary, 
recommend an appropriate legislative resolution. 

Open Source Information 

In response to concerns that terrorists or other 
motivated adversaries could easily access sensitive 
information, such as the location of critical 
telecommunications facilities, on the Internet and use 
this information to plan an attack on the Nation's 
telecommunications infrastructure, the NSTAC tasked 
the LRTF to undertake an analysis of open source 
information. The LRTF completed its analysis during 
the NSTAC XXVIII cycle, and on April 8, 2005, the 
NSTAC sent a letter to President Bush recommending 
various activities including the development and 
adoption of Web publishing and access guidelines by 
the Federal Government incorporating provisions that 
protect industry-sensitive Cl I provided to the 
Government and the promulgation of Web publishing 
and access guidelines for dealing with sensitive 
but unclassified Cll. 

The LRTF's work on open source information 
continued during the NSTAC XXIX cycle, when the 
NSTAC, during the March 10, 2005, Principals’ 
Conference Call, requested that the LRTF address 
the concern of open source information on academic 
web sites and report back to them about the 
advisability of scoping this issue. After conducting its 
analysis, the LRTF reported back to the Principals 
that the issue did not require further scoping. 
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SAFETYAct 

During the NSTAC XXVIII cycle, the LRTF initiated 
an examination of the NS/EP telecommunications 
implications of the implementation of the SAFETY Act at 
the request of the committee. The LRTF continued to 
monitor the implementation of the SAFETYAct in the 
NSTAC XXIX cycle, reporting to the NSTAC 
periodically on the status of the efforts. 

Defense Production Act 

During NSTAC XXVIII, the NSTAC commissioned 
the LRTF to begin an examination of the NS/EP 
implications of the DPA and the proposed 
amendments to the Act and to Executive Order (E.O.) 
12919, National Defense Industrial Resources Preparedness. 
During the NSTAC XXIX cycle, the task force agreed 
to continue to monitor potential amendments to the 
DPA and to E.O. 12919 to ensure essential NS/EP 
needs are met in any revision to law. 

Legislative Concerns Associated with the 
2005 Hurricane Season 

The 2005 hurricane season defined many of the 
committee’s legislative and regulatory priorities during 
the NSTAC XXIX cycle. The Government’s response to 
Flurricanes Katrina, Rita, and Wilma prompted the 
NSTAC to request assistance from the LRTE to review 
the legal and regulatory environment in which Eederal 
response took place. The LRTE analysis revealed that 
several legislative mechanisms needed revision 
including the Robert T Stafford Disaster Relief and Emergency 
Assistance (Stafford) Act, which the committee felt did not 
adequately provide assistance to telecommunications 
infrastructure providers (TIP) in disasters. The task 
force also determined that difficulties carriers faced in 
obtaining security, fuel, water, site access, and billeting 
for workers could be mitigated if the Eederal 
Government created a designation for “Emergency 
Responders (Private Sector)’’ and included TIPs in 
that category. Accordingly, the NSTAC sent a letter to 
President Bush advising him to act no later than 
June 1, 2006, to establish and codify the term 
“emergency responder (private sector)’’ to include 
TIPs and ensure they receive non-monetary 
assistance, including accessing restricted areas and 
obtaining fuel, water, power, billeting, and workforce 
and asset security, by: 
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► Directing DHS to modify the National Response 
Plan and its emergency support functions to 
designate TIPs as Emergency Responders (Private 
Sector) and to establish protocols and procedures 
for the way In which Federal, State, local, and 
tribal Governments should work with TIPs before, 
during, and after a national disaster; 

► Issuing appropriate Presidential guidance to define 
Emergency Responders (Private Sector) under the 
Stafford Act and other authorities as appropriate to 
align with the broadened definition of national 
defense in the 2003 amendments to the DPA. 
Specifically, the guidance should make clear that key 
response personnel of critical telecommunications 
infrastructure owners and operators should be 
defined as Emergency Responders (Private Sector) 
and should receive non-monetary Federal assistance 
under the Stafford Act, and 

► Directing the Secretary of Plomeland Security to 
work with Congress to align the Stafford Act and 
other appropriate legislative authorities with the 
DPA by codifying the designation of private sector 
TIPs as Emergency Responders (Private Sector) 
and by codifying the official Interpretation that 
for-profit TIPs should receive Federal assistance. 

Telecommunications Circuit Route Diversity Policy 

In April 2004, the NSTAC recommended the President 
direct appropriate departments and agencies to support 
the Alliance for Telecommunications Industry Solutions 
(ATIS) National Diversity Assurance Initiative (NDAI), 
which sought to examine diversity assurance and ways 
to ensure it is maintained over time as well as best 
practices for NS/EP organizations. In its February 2006 
final report on the NDAI, ATIS found that because circuit 
diversity assurance cannot be offered as a commercially 
viable product, the Government should revise existing 
Federal guidance on contingency planning and 
continuity of operations. The LRTF agreed with the ATIS 
findings and during the NSTAC XXX cycle evaluated 
methods for disseminating the NDAI recommendations 
to NS/EP stakeholders. 
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Cyber and Network Security Policy Issues 

During Summer 2007, the LRTF began an examination 
of the May 2007 Distributed Denial of Service (DDoS) 
cyber attacks against the Republic of Estonia. While the 
attacks methods and technologies were typical of similar 
attacks, the Incident drew the attention of the 
International community because it was the first time 
attackers contributed to successfully disrupting a 
significant portion of a nation state’s networks. 
Furthermore, Estonian officials initially speculated that 
the attack may have been state-sponsored, raising 
questions of “cyber warfare,” though those assertions 
remain unproven. 

The Estonia incident reaffirmed the conclusions 
in the NSTAC Report on International Communications, that 
cybersecurity incident response requires more formal 
collaboration among the United States and its 
international partners, which must be seamless and 
able to occur within a very short time frame. The LRTF 
also found that an Estonlan-llke DDoS attack may not 
have a similar impact here in the United States, as 
Estonia is almost totally dependent on the Internet for 
business-to-business and consumer-to-business 
interface with little brick and mortar or alternate means 
of service provision available to the citizenry. The United 
States, by comparison, is not as Internet-dependent. 
Additionally, U.S. service providers are able to re-route 
traffic, control bandwidth, and address traffic as 
necessary on a customer-specific basis to limit the 
impact of such attacks. 

As the LRTF was conducting its examination, the 
Office of the Director of National Intelligence (ODNI) 
released an Annual Threat Assessment describing 
the increasing number of cyber attacks against U.S. 
networks and the vulnerabilities of the Nation’s 
information infrastructure. ODNI stated that the 
“[U.S.] information infrastructure...increasingly Is 
being targeted for exploitation and potentially for 
disruption or destruction, by a growing array of state 
and non-state adversaries...[ODNI assesses] that 
nations, including Russia and China, have the 
technical capabilities to target and disrupt elements 
of the U.S. Information infrastructure and for 
intelligence collection.” The LRTF believes that the 
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ODNI statement signals a paradigm shift in Federai 
network security and defense practices by asserting 
that sovereign nations are targeting U.S. networks. 

The cyber attacks against Estonia and the 
Government’s new initiatives wiii iikely have severai 
implications on U.S. cybersecurity and defense 
poiicies. As the Government takes steps to iay out its 
new approach to cybersecurity and cyber defense, the 
LRTF remains ready to help analyze any necessary 
changes to the legal and policy framework. 

Actions Resulting from NSTAC Recommendations 

In the Barriers to Information Sharing Report, the NSTAC 
advised the President that DHS should be the 
clearinghouse and dispenser of Gil information and 
that CIIAct protections should cover departments and 
agencies other than DEIS. In a related action, on 
February 18, 2004, DFIS launched the PCII Program, 
pursuant to the CIIAct The PCII Program Office is 
part of the DFIS Infrastructure Partnerships Division 
and serves as the clearinghouse and dispenser of Cll. 

On October 28, 2003, in response to the NSTAC’s 
Letter to President Bush on National Policies and 
Regulations that Conflict with Flomeland Security and 
NS/EP Missions, the Assistant to the President for 
Flomeland Security confirmed that the staff of the 
Executive Office of the President had been tasked to 
convene a meeting with the other White Flouse 
stakeholders to review the recommendations 
in the NSTAC’s letter and to analyze their impact to 
NS/EP communications. 

Furthermore, the FCC’s Independent Panel Reviewing 
the Impact of Flurricane Katrina on Communications 
Networks released its Report and Recommendations 
to the FCC on June 12, 2006, which endorsed 
NSTAC’s recommendation that telecommunications 
infrastructure providers be afforded emergency 
responder status under the Stafford Act In July 2006, 
Secretary Michael Chertoff confirmed fo the NSTAC 
that DFIS officials had been working closely with 
Congress to ensure that the committee’s emergency 
responder provisions would be sufficiently addressed 
in future legislation to be formally introduced by the 
Senate. In addition, DFIS announced it had developed. 
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in partnership with Federal, State, and local 
government entities, as well as a private sector 
company, an access standard operating procedure 
(SOP) to ensure that private critical infrastructure 
responders have priority access to disaster areas. The 
access SOP had been adopted by the State of Georgia 
and has been distribufed to a broader community, 
including the Flomeland Security Advisors and the 
National Association of Regulatory Commissioners. 

Furthermore, Section 607 of the Security and Accountability 
for Every Port Act of2006, which was signed into law on 
October 13, 2006, amends the Stafford Act hy providing 
a list of essenfial services whose providers may be 
defined as “essential service providers." Congress 
listed privately owned telecommunications among 
these services and declared that Federal agencies may 
not prevent essential service providers from accessing 
disaster sites or otherwise impede their efforts to 
conduct response and recovery of fhe 
telecommunications infrastructure “to the greatest 
extent practicable.” In addition, as the NCS develops 
supporting documents for the National Response 
Framework, such as the 15 planning scenarios and 
SOPs, it will provide input regarding access, security, 
and fuel support for industry essential service 
providers. The NCS will also include these issues in 
other documents it produces, including the Emergency 
Support Function 2 Operations Plan and Job Aids. 

Reports Issued 

Legislative and Regulatory Group Report, December 1997. 

Legislative and Regulatory Group Report, September 1998. 

Procedure for Problem Resolution with the Federal 
Communications Commission and the l^ational Coordinating 
Center for Telecommunications During Emergency 
Telecommunications Disruptions, September 1998. 

National Services Subgroup White Paper, September 1998. 

Legislative and Regulatory Group Report, June 1999. 

Telecommunications Outage and Intrusion Information 
Sharing Report, June 1999. 


40 


The President’s National Security Telecommunications Advisory Committee 


Letter to President Bill Clinton on Protection of Critical 
Infrastructure Information, August 7, 2000. 

Letter to President George W. Bush on Protection of Critical 
Infrastructure Information, June 2001. 

NSTAC Report on Penalties for Internet Attacks and Cyber Crime, 
April 2003. 

NSTAC Report on the Barriers to Information Sharing, 

September 2003. 

Letter to President George W. Bush on National Policies and 
Regulations that Conflict with Homeland Security and NS/EP 
Missions, October 16, 2003. 

Letter and Addendum to President George W. Bush on Open 
Source Critical Infrastructure Information, April 8, 2005. 

Letter and Report to President George W. Bush on Federal 
Support to Telecommunications Infrastructure Providers During 
National Emergencies, Designation as Emergency Responders 
(Private Sector), January 31, 2006. 

U.S. Policy Considerations of the 2007 Cyber Attacks Against 
Estonia White Paper, 2008 (in progress). 
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Research and Development 

Investigation Group / Period of Activity 

Network Security Task Force 

February 1990 - August 1992 

Network Security Group 

December 1994 - April 1997 

Network Group, Intrusion Detection Subgroup 

April 1997 - September 1999 

Research and Development Exchange Task Force 

April 1997 - September 1999 

Research and Development Task Force 

July 2003 - Present 

Issue Background 

Communications and information technology 
research and deveiopment (R&D) advances the 
digital technologies that power critical national 
security and emergency preparedness (NS/EP) 
capabilities. A strong, collaborative R&D program 
advances the resilience of felecommunications and 
informafion systems. Therefore, fhe Presidenf’s 
National Security Telecommunications Advisory 
Committee (NSTAC) examines areas for fufure 
developmenf and seeks fo enhance coordination 
between the public and private sectors and the 
academic research community. 

History of NSTAC Actions and Recommendations 

Periodically, the Research and Development Task 
Force (RDTF) of the NSTAC’s Industry Executive 
Subcommittee (lES) conducts its Research and 
Development Exchange (RDX) Workshop, the broad 
purpose of which is to stimulate and facilitate a 
dialogue among industry, Government, and academia 
on emerging security technology R&D activities that 
have the potential to both positively and negatively 
affect the NS/EP posture of the Nation. To ensure 
inclusion of all sfakeholders in the R&D community, 
the RDTF traditionally invites representatives from a 
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broad number of private sector companies, academic 
institutions, and key Government agencies with NS/EP 
and/or R&D responsibilities such as the Office of 
Science and Technology Policy (OSTP), fhe Defense 
Advanced Research Projects Agency (DARPA) the 
Department of Homeland Securify (DHS) Science 
and Technology (S&T) directorate, and the National 
Institute of Standards and Technology (NIST). Over 
the course of the workshop, participants endeavor to 
frame key policy issues; identify and characterize 
barriers and impediments inhibiting R&D; discuss how 
stakeholders can cooperate and coordinate efforts as 
the communities of interest shift; and develop specific 
and realisfic recommendations for furfher action by 
key stakeholders and decision makers. 

The RDX Workshops date back to 1990 when the 
growing prevalence of hacker incidenfs led to the 
formation of the NSTAC’s Network Security Task 
Force (NSTF). The task force’s purpose was fo assess 
the threats to and the vulnerabilities of the public 
switched telephone network. A key component of the 
task force’s work included examining R&D issues 
related to security with a particular emphasis on 
improving commercially applicable tools. 

In mid-1991, the NSTF identified six areas in which 
R&D on commercially applicable security tools was 
needed and asked the Government to share 
information about its R&D efforts in those areas. The 
subsequent briefings provided by representatives of 
the National Security Agency and NIST to the NSTAC, 
which constituted the NSTAC’s first RDX Workshop, 
demonstrated that Government already had R&D 
efforts under way in all of those areas. 

NSTAC R&D activities gained momentum again in 
March 1996 when the NSTAC’s Network Security 
Group (NSG) facilitated a seminar for industry and 
Government to discuss network security R&D 
activities and issues. The purpose of the seminar 
was threefold: (1) provide a common understanding 
of nefwork security problems affecting NS/EP 
telecommunications; (2) identify R&D acfivifies in 
progress to address those problems; and (3) identify 
additional network security R&D activities needed. 
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The NSG identified four areas of interest for furfher 
invesfigafion from the seminar—authentication, 
intrusion detection, integrity, and access control—upon 
which it conducted the second RDX Workshop on 
September 18, 1996. Because the objective was to 
facilitate meaningful discussion among participants, 
participation at the workshop was limited to 50 people 
representing 15 companies and 11 Government 
organizations, including one federally funded 
research and development center. The committee 
limited industry representation to NSTAC member 
companies only. 

In 1997, in response to a number of stimuli, including 
the recommendations from fhe 1996 RDX Workshop, 
the Network Group (NG)—formerly the NSG— 
conducted a study of intrusion detection technology 
R&D and analyzed it in terms of meeting NS/EP 
requirements. As a result of the analysis, the NSTAC 
made four recommendations to the President, including 
the need to increase R&D funding for control systems of 
crifical Infrasfructures and to encourage cooperative 
development programs to maximize the use of existing 
R&D resources in industry. Government, and academia. 
The NSTAC’s recommendations reinforced prior 
committee recommendations to examine the need for 
and feasibility of collaborafive R&D approaches for 
security technology. It also provided the basis for fhe 
concept of the third RDX Workshop, Enhancing Network 
Security Technology: R&D Collaboration, held in 
October 1998 at Purdue University's Center for 
Education and Research in Information Assurance (lA) 
and Security to examine collaborative approaches to 
security technology R&D. The participants, which for 
the first time included members of the academic 
community, also discussed the need to train more 
information technology (IT) security professionals, 
create large-scale test beds to test security products 
and solutions, and promote the creation of lA Centers 
of Excellence in academia. 

Deliberations at the RDX Workshop at Purdue University 
resulted In several findings and recommendations for 
future industry. Government, and academia work. 
Discussions also noted three recommendations for 
future NSTAC consideration, including the need to, 
“conduct another R&D Exchange in the spring of 2000 
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fo continue the dialogue on the long-term issues 
associated with infrastructure assurance and network 
security,” such as new threats and convergence. The 
third RDX Workshop also provided the model for all 
future workshops. 

Held at the University of Tulsa in September 2000, 
the fourth RDX Workshop examined issues of 
fransparent security in a converged and distributed 
network environment. Attendees discussed the need 
to address the shortage of qualified informafion 
securify professionals, expand the number of 
universities participating in the lA Centers of 
Excellence program, and promote best practices, 
standards, and protection profiles to enhance the 
security of the NGN. Eindings and recommendations 
from the workshop included the establishment of 
NSTAC task forces to address standards and best 
practices for nefwork security. 

The fifth workshop held in March 2003 at the Georgia 
Tech Information Security Center (GTISC) at the 
Georgia Institute of Technology In Atlanta, Georgia, 
explored the full range of telecommunications and 
Information systems trustworthiness issues as they 
pertained to NS/EP telecommunications systems. 
Specifically, the attendees examined trustworthiness 
from four different perspectives: cyber and software 
security, physical security, integration issues, and 
human factors. Erom this event, the RDTE developed 
seven specific findings including fhe need to clearly 
define the term NS/EP in a post-September 11, 2001, 
world characterized by a rapidly changing technology 
and threat environment and the need for a large-scale 
festbed fhat could be used as an environment to test 
NS/EP systems and critical infrastructures. 

To directly address the findings from fhe 2003 RDX 
Workshop during the NSTAC XXVII cycle, the RDTE 
developed a “living” discussion paper providing the 
background for the policy components of fhe evolving 
definition of NS/EP. The RDTE also examined several 
large-scale public and privafe festbeds, reviewing their 
capacity to test the telecommunications and information 
systems infrastructures for NS/EP purposes. As a result, 
the NSTAC finalized recommendations for a joint, 
collaborative, distributed industry. Government, and 
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academia pilot testbed that could advance the current 
state of NS/EP and critical infrastructure protection 
integration activities. 

The sixth workshop, held in Monterey, California in 
October 2004, reconsidered the R&D issues associated 
with trustworthy NS/EP telecommunications addressed 
at the 2003 RDX Workshop and examined progress 
made, unfinished work, and new challenges. 

Participants again focused on major cyber and software, 
physical, human factor, and integration research issue 
areas and discussed the need for information exchange 
and collaboration efforts within the R&D community. 

At the 2004 RDX Workshop, participants 
resoundingly agreed that embedding strong, 
ubiquitous authentication and identity management 
technologies into future networks was critically 
important. As a result of this discussion, the NSTAC is 
currently evaluating whether it should conduct an 
analysis of identity management security concerns 
unique to NS/EP telecommunications. 

The seventh and first-ever international workshop in 
Ottawa, Ontario, Canada in September 2006 focused 
on international multilateral collaborative R&D to 
enhance security on the network. Participants 
explored and prioritized critical issues related to 
international collaboration on communications and 
cyber R&D that enhanced preparedness and 
security. Participants identified and characterized 
barriers and impediments inhibiting multilateral, 
collaborative research investments and discussed 
how international stakeholders can cooperate and 
capitalize on collective advancements. 

As a result of the discussions, the NSTAC began to 
conduct intense analysis of identity management (IdM) 
security concerns and increase education and 
awareness of the subject and strengthen collaboration 
amongst nations in regards to Research and 
Development Initiatives. During the 2007-2008 cycle, 
the RDTF focused on analyzing IdM to determine the 
impact on NS/EP communications. The task force 
developed an NSTAC working definition of IdM and an 
inventory of existing IdM-related activities in the private 
and government sectors. The RDTF performed a gap 
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analysis that determined the best role for the NSTAC is 
to continue to monitor and examine the development of 
IdM standards in the international community. 

The task force began preparations for the 2008 RDX 
Workshop to be held at the Motorola, Inc. facilities in 
Schaumburg, Illinois on September 25-26, 2008. 
Tentative topics for discussion include identity 
management, emergency communications response 
networks, defending cyberspace, and converging and 
emerging technologies. 

Actions Resulting from NSTAC Recommendations 

Following the 2003 RDX Workshop in Atlanta, 

Georgia, the RDTF provided the Director, OSTP with 
policy advice on specific areas of security technology 
R&D that should be taken Into account when 
providing input to the President’s fiscal year 2004 
budget request. The RDTF also provided its NS/EP 
Definition Discussion Paper to the Executive Office of 
the President to utilize in on-going discussions on 
NS/EP communications. 

Reports Issued 

Network Security Research and Development Exchange 
Proceedings, September 1996. 

Report on the NS/EP Implications of Intrusion Detection 
Technology Research and Development, December 1997. 

Research and Development Exchange Proceedings: 

Enhancing Network Security Technology R&D Collaboration, 
October 20-21,1998. 

Research and Development Exchange Proceedings, Transparent 
Security in a Converged and Distributed Network Environment, 
September 28-29, 2000. 

Research and Development Exchange Proceedings, R&D Issues to 
Ensure Trustworthiness in Telecommunications and Information 
Systems that Directly or Indirectly Impact National Security and 
Emergency Preparedness, March 13-14, 2003. 

NS/EP Definition Discussion Paper, April 2004. 
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Research and Development Exchange Proceedings, A Year Later 

R&D Issues to Ensure Trustworthiness in Telecommunications and 
Information Systems that Directly or Indirectly Impact National 
Security and Emergency Preparedness, October 28-29, 2004. 

Verizon Communications, Incorporated 

Mr. James Bean 

Other Research and Development Task Force 
Participants 

The Critical Importance of Testbeds forNS/EPR&D, May 2005. 

Computer Sciences Corporation 

Research and Development Exchange Proceedings: Leveraging 
Global Partnerships for the Security of Eree Nations and All Sector 
Preparedness and Response, September 21-22, 2006. 

Mr. James Zok 

Department of Homeland Security 

Ms. Annabelle Lee 

Research and Development Task Force Membership 

EWA-IIT 

Computer Sciences Corporation 

Mr. Guy Copeland, Chair 

Mr. Michael Aisenberg 

Georgia Institute of Technology 

Nortel Networks Corporation 

Dr. John Edwards, Co-Vice Chair 

Dr. Seymour Goodman 

Science Applications International Corporation 

Mr. Henry Kluepfel, Co-Vice Chair 

Telecordia Technologies Incorporated 

Mr. Robert Lesnowich 

Unaffiliated 

AT&T, Incorporated 

Ms. Rosemary Letfler 

Dr. Jack Oslund 

VeriSign, Incorporated 

Bank of America Corporation 

Mr. Roger Callahan 

Mr. Anthony Rutowski 

Verizon Communications, Incorporated 

The Boeing Company 

Mr. Robert Steele 

Mr. Marcus Sachs 

Motorola, Incorporated 

Mr. Michael Alagna 


Microsoft Corporation 

Ms. Cristin Flynn-Goodwin 


Northrop Grumman Corporation 

Mr. David Dobbs 


Telecordia Technologies Incorporated 

Ms. Louise Tucker 


VeriSign, Incorporated 

Mr. William Gravell 



46 


Previously Addressed Issues 




The President’s National Security Telecommunications Advisory Committee 

Automated Information 
Processing 

Investigation Group / Period of Activity 

Automated Information Processing (AlP) Task Force 

December 1982 - December 1984 


Issue Background 

The need to ensure a survivable AlP capability to 
support NS/EP telecommunications prompted the 
NSTAC to initiate a study of the AlP issue on 
December 14, 1982. The AlP Task Force addressed 
the issue for nearly 2 years. 

History of NSTAC Actions and Recommendations 

In July 1983, NSTAC II recommended that the 
President direct the National Security Council, in 
conjunction with industry, to identify essential NS/EP 
functions and their dependence on AlP, and to rank 
those functions in order of priority on a time-phased 
basis. In April 1984, NSTAC III recommended that 
the President establish an AlP vulnerability awareness 
program within the Government. On December 12, 
1984, NSTAC IV forwarded the following AlP 
recommendations to the President: 

► Establish a full-time management entity to 
implement the telecommunications AlP 
survivability effort; 

► Conduct AlP vulnerability awareness programs in 
conjunction with the private sector; 

► Develop NS/EP AlP policy; 

► Initiate efforts to enhance the survivability of 
NS/EP AlP in general; and 

► Provide the necessary funding and develop 
incentives for AlP survivability enhancements. 

The TSS Task Force worked on the AlP issue. It 
reviewed the Government’s responses to the NSTAC 
IV’s AlP recommendations. On September 22, 1988, 
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the NSTAC approved and forwarded the TSS Task 
Force findings and recommendations on AlP to 
the President. 

Actions Resulting from NSTAC Recommendations 

The TSS Task Force reviewed the Government’s 
responses to the NSTAC’s AlP recommendations. The 
task force found the Commercial Network 
Survivability program was addressing the 
recommendations regarding AlP embedded in 
telecommunications, but the Government had not 
implemented the recommendations on AlP for 
telecommunications operational support and AlP 
required to support 

NS/EP functions in general. The TSS Task Force 
recommended the Government consider the 
implications of all operational support AlP, especially 
for network management, restoration, and 
reconstitution; and that the Government implement 
an NS/EP AlP awareness program. The NSTAC 
approved the TSS Task Force’s findings and 
recommendations on AlP and forwarded them to the 
President on September 22, 1988. 

Reports Issued 

Working Group Proceedings on AlP Survivability, October 6,1982. 

AlP Task Force Report, June 1983. 

Strategy and Recommendations for Achieving Enhanced NS/EP 
AlP Survivability, October 25,1984. 

Einal Report Addendum, May 1,1985. 
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Commercial Network Survivability 

Investigation Group / Periods of Activity 

Commercial Network Survivability (CNS) Task Force 

February 1984 - October 1985 

Issue Background 

In September 1983, the NSTAC lES reviewed the issues 
associated with teiecommunications systems 
survivabiiity and decided its scope was too broad for a 
single task force to address. The lES requested that the 
Resource Enhancements Working Group (REWG) and 
the Emergency Response Procedures Working Group 
(ERPWG) meet to discuss and refine the issues. The 
REWG and ERPWG met on November 9, 1983. They 
suggested establishing the CNS Task Eorce to develop 
and prioritize initiatives to enhance the survivability of 
the terrestrial portion of commercial carrier networks. 
The lES initiated the assessment of the CNS issue on 
Eebruary 29, 1984. It formed the CNS Task Eorce and 
instructed it to improve the survivability of commercial 
communications systems and facilities, and identify 
initiatives to improve interactive emergency response 
capabilities among the commercial networks. 

History of NSTAC Actions and Recommendations 

On October 9, 1985, the NSTAC forwarded five CNS 
recommendations to the President regarding: 

► Specification of survivability requirements for 
NS/EP services; 

► Development of NS/EP network architecture plans; 

► Development of plans and procedures for network 
emergency operations; 

► Acquisition and maintenance of databases; and 

► Government participation in standards 
organizations. 
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The President endorsed those initiatives, and 
the OMNCS undertook a CNS program. On 
November 6, 1987, the NSTAC approved the TSS 
Task Force’s findings and recommendations on CNS 
and forwarded them to the President. 

Actions Resulting from NSTAC Recommendations 

The TSS Task Force reviewed Government actions 
taken on the NSTAC’s CNS recommendations. The 
task force found the Government’s actions focused 
on the highest threat level, but the Government had 
taken no action on the CNS Task Force 
recommendation to form a joint industry and 
Government group to develop network architecture 
plans. The TSS Task Force recommended that the 
CNS program be expanded to include the entire 
threat spectrum and all NS/EP users. 

The OMNCS established a CNS Program Office 
which engineered and implemented enhancements 
in the PSN for NS/EP disaster recovery 
communications use during regional emergencies 
and national crises. The CNS Program Office 
evaluated the effectiveness of those enhancements 
by modeling the anticipated effects of natural 
disasters and wartime scenarios using computer 
simulations and through proof-of-concept testing. 

The OMNCS used its computer modeling capabilities 
and extensive database containing detailed 
information on the structure of the PSN to assess the 
CNS enhancements. Enhancements included 
dedicated leased lines in the local exchange carrier 
networks to provide alternate, survivable routes for 
NS/EP communications. The program office 
expected future enhancements to use advanced 
technology service offerings from those same carriers 
and from cellular service providers and competitive 
access providers. 

The Mobile Transportable Telecommunications 
(MTT) program, an associated effort, demonstrated 
reconnecting isolated portions of the PSN using 
standard military radio equipment. The MTT program 
performed these demonstrations with National Guard 
equipment and participation. The CNS Program 
Office worked with other National Level NS/EP 
Telecommunications Program (NLP) elements to 
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ensure interoperability of CNS network 
enhancements with other NLP component programs, 
such as Commercial Satellite Command 
Interconnectivity and the Government Emergency 
Telecommunications Service. In September 1994, 
the CNS program was terminated due to budget 
constraints. 

Reports Issued 

CNS Task Force (Interim) Report, December 6,1984. 

CNS Task Force Final Report, August 1985. 
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Commercial Satellite Survivability 

Investigation Group / Period of Activity 

Commercial Satellite Survivability (CSS) Task Force 

December 1982 - April 1984 
June 1988 - March 1990 

Satellite Task Force (STF) 

September 2003 - January 2004 

Issue Background 

At its first formal meeting on December 14, 1982, 
the NSTAC agreed to emphasize commercial satellite 
communications survivability initiatives. The NSTAC 
directed the CSS Task Force Resource 
Enhancements Working Group to assess the 
vulnerability of the commercial satellite 
communications network and the enhancements to 
the NS/EP 

telecommunications infrastructure that the use of 
commercial carrier satellites and Earth terminals 
could provide. A separate CSS Task Eorce reviewed a 
set of specific satellite initiatives selected for 
implementation, developed an implementation 
concept, and prepared a report of its actions and 
recommendations for fhe NSTAC. 

In June 1988, the NSTAC lES reactivated the CSS 
Task Eorce to review the proposed objectives and 
implementation initiatives of the commercial satellite 
communications (SATCOM) Interconnectivity (CSI) 
Phase II Architecture and offer recommendations. 

The NSTAC concurred with this action in 
September 1988. 

In March 1990, the NSTAC approved the final report 
of the reactivated CSS Task Eorce, which concluded 
that the CSI Phase II Architecture approach was 
reasonable, and made several recommendations to 
the Government. 
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The terrorist attacks on September!!, 2001, raised 
security concerns about the protection of the 
Nation’s vital telecommunications systems against 
threats, and raised awareness that a Federal 
program did not exist to ensure NS/EP 
communications w'a commercial satellite systems 
and services. 

In January 2003, the Director, National Security 
Space Architect, requested that the President’s 
NSTAC consider embarking on a study of 
infrasfructure protection measures for SATCOM 
systems. In response, the NSTAC’s lES formed the 
STF The STF was established to: 

► Review applicable documentation that addresses 
the vulnerabilities of the commercial satellite 
infrastructure; 

► Define pofential policy changes thaf have fo be 
made to bring the infrastructure into conformance 
wifh a standard for mitigating the vulnerabilities; 

► Consider Global Positioning System timing 
capabilities during the deliberations; 

► Coordinate this response with representatives 
from the NCS; and 

► Draft a task force report with findings and 
Presidenfial recommendations. 

History of NSTAC Actions and Recommendations 

At its first formal meeting on December 14, 1982, 
the NSTAC established the CSS Task Force to review 
a set of specific safellife initiatives selected for 
implementation, develop an implementation concept, 
and prepare a report of its actions and 
recommendations for the NSTAC. 

In September 1988, the NSTAC concurred with the 
lES June 1988 reactivation of the CSS Task Force to 
review the proposed objectives and implementation 
initiatives of the CSI Phase II Architecture and offer 
recommendations. 
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In March 1990, the NSTAC approved the final report 
of the reactivated CSS Task Force. The report 
concluded that the CSI Phase II Architecture 
approach was reasonable and it recommended 
the Government: 

► Include Ku-band assets in the CSI program to 
provide “access;” 

► Augment selected large Ku-band earth stations 
and control facilities to provide Ku-band 
interoperability; 

► Use very small aperture terminal technology to 
restore selected trunking between interexchange 
carrier switches and local exchange carrier end 
offices, and selecfed users in the United States to 
access the PSN via direct connection at an 
access tandem; and 

► Pursue investigations, analyses, and 
augmentations necessary to ensure NS/EP 
telecommunications service can be extended 
from fhe United States to NS/EP users overseas. 

The NSTAC also approved several specific 
recommendations to the Government regarding the 
use and augmentation of safellife assets to achieve 
various types of connectivity. 

In January 2003, the Director, National Security 
Space Architect, requested that the President’s 
NSTAC conduct a study of infrastrucfure protecfion 
measures for SATCOM sysfems. In response, fhe 
NSTAC’s lES formed the STF to analyze and assess 
SATCOM systems’ vulnerabilities and make policy 
recommendations to the President on how the 
Eederal Government should work with industry to 
mitigate vulnerabilities to the satellite infrastructure. 

The STE engaged broad participation from 
representatives of NSTAC member companies, 
non-NSTAC commercial safellife owners and 
operators, commercial satellite trade associations. 
Government agencies, and technical experts. The 
STE concluded its analysis of safellife security in 
January 2004 and presented its findings in the STE 
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Report. On the basis of ifs analysis and review of 
related policy issues, the NSTAC offered the following 
recommendations to the President: 

► Direct the Assistant to the President for Nafional 
Securify Affairs, Assisfant to fhe Presidenf for 
Homeland Security, and Director, Office of 
Science Technology Policy, to develop a national 
policy with respect to the provisioning and 
management of commercial SATCOM services 
integral to NS/EP communications, recognizing 
the vital and unique capabilities commercial 
satellites provide for global milifary operafions, 
diplomafic missions, and homeland securify 
contingency support; 

► Fund the Department of Homeland Securify to 
implement a commercial SATCOM NS/EP 
improvement program within the NCS to procure 
and manage the non-Department of Defense 
satellite facilities and services necessary to 
increase the robustness of Government 
communications; and 

► Appoint several members to represent service 
providers and associations from all sectors of fhe 
commercial safellife indusfry to the NSTAC to 
increase satellite industry involvement in NS/EP. 

Actions Resulting from NSTAC Recommendations 

The TSS Task Eorce reviewed the Government 
actions taken on the NSTAC’s CSS Task Eorce Phase 
I recommendations and found fhat the CSI Program 
and the Industry Information Security Task Eorce 
were pursuing most of the CSS initiatives. The TSS 
Task Force recommended that three aspects of the 
CSS initiatives be studied further: Ku-band 
interoperability, up-link jamming protection, and 
transportable terminals. 

The first CSS Task Force’s investigations resulted in 
the definition of 12 initiafives for improving fhe 
survivability and robustness of commercial satellite 
communications resources. The investigations also 
resulted in the incorporation of the CSS Program 
Office, esfablished in November 1984, as the CSI 
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Program Office in 1987. In addition, the CSS Task 
Force approved the CSi as part of the Nationai Level 
NS/EP Telecommunications Program. 

The CSI Program Office reviewed the CSS Task Force 
Phase II recommendations. The CSI Program Office 
investigated satellite technologies, such as Ku-band, 
and enhanced capabilities, such as connecting to 
local exchange carriers’ switches and providing PSN 
remote access to NS/EP users, as part of the CSI 
architecture development effort. The projected CSI 
Phase II Architecture implementation date was in FY 
96, but due to budget constraints, the CSI program 
was terminated in September 1994. 

During its 2004 review of the National Space Policy, 
the White Fiouse incorporated aspects of the STF 
report into the revised policy. In particular, aspects 
concerning ground and space links and potential 
points of failure were included in the revised policy. 

In addition, at the recommendation of the STF, the 
President appointed PanAmSat Floldings, Inc. to the 
NSTAC to represent the commercial satellite industry. 

Reports Issued 

Issue Papers for Commercial Communications Satellite Systems 
Survivability Initiatives, March 21,1983. 

Commercial Satellite Communications Survivability Report, 
prepared by the CSS Task Force Resource Enhancements 
Working Group, May 20,1983. 

Addendum to the Commercial Satellite Communications 
Survivability Report, May 20,1983. 

CSS Status Report, l\pt\\ 15,1984. 

Final Report of the CSS Task Force, December 1989. 

Final Report of the CSS Task Force, Appendix A, Technical 
Subgroup Report, December 1989. 
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Final Report of the CSS Task Force, Appendix B, Operational 
Subgroup Report, December 1989. 

Final Report of the CSS Task Force, Appendix C, International 
Subgroup Report, December 1989. 

Satellite Task Force Report, March 2004. 
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Common Channel Signaling 

Investigation Group / Period of Activity 

Common Channel Signaling (CCS) Task Force 

April 1993-January 1994 

NS/EP Panel 

March 1994 - March 1995 


Issue Background 

At the April 28, 1993, lES Meeting, the Operations 
Working Group NS/EP Panei recommended that the 
iES establish a task force to investigate common 
channel signaling. The task force would determine 
whether widespread, long- duration CCS outages 
affecting multiple interconnected carriers were a 
significant risk to the public switched network and 
NS/EP telecommunications. The IES established the 
CCS Task Eorce to: 

► Determine if there were failure mechanisms that 
could potentially lead to widespread, long-duration 
CCS outages among multiple interconnected 
carriers; 

► Evaluate the risk to NS/EP user telecommunications; 

► If significant risk existed, examine procedural or 
technological alternatives for mitigating it; and 

► Present appropriate recommendations to 
NSTACXVI. 

The CCS Task Eorce received informational briefings 
on the CCS architecture and on CCS network security 
incidents and concerns, protocol changes, the role of 
the Network Security Information Exchange in 
evaluating and determining CCS failures, and the 
Network Reliability Council's Signaling Network 
System Eocus Team. At NSTAC XVI, March 2, 1994, 
the IES deactivated the task force. 
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At the March 2, 1995, IES Meeting, the NS/EP Group 
Chair explained that during the preceding year, no 
significant outages had occurred during the group’s 
monitoring of the CCS network (the panel’s name 
was changed to the NS/EP Group in accordance with 
the December 1994 IES Guidelines). The Chair 
concluded that if no significant outages occurred in 
the next quarter, the group would discontinue 
monitoring the CCS network. 

History of NSTAC Actions and Recommendations 

The task force reported its conclusions and 
recommendations to NSTAC XVI on March 2, 1994. 
The task force concluded that the CCS architecture 
was inherently reliable and that the probability of a 
large-scale, long-duration, multiple carrier CCS 
outage resulting from a failure condition propagated 
to other CCS networks presented a low risk to NS/EP 
telecommunications. The IES recommended to 
deactivate the task force and tasked the NS/EP Panel 
to monitor CCS reliability for a year before 
reactivating or disbanding the task force. 

After receiving this tasking, the NS/EP Panel developed 
plans for a Eebruary 1995 tabletop CCS restoration 
exercise. In February 1995, the Network Cperations 
Forum conducted the CCS restoration exercise, thus 
fulfilling the obligations of the CSS Task Force charge. 

Reports Issued 

Final Report ot the Common Channel Signaling Task Force, 
January 31,1994. 
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Electromagnetic Pulse 

Investigation Group / Period of Activity 

Electromagnetic Pulse (EMP) Task Force 

September 1983 - October 1985 

Issue Background 

The NSTAC Industry Executive Subcommittee initiated 
the EMP assessment on September 27, 1983, in 
response to a Government request for industry’s 
perspective on the options available to industry and 
Government for improving the EMP survivability of the 
Nation’s telecommunications networks. The NSTAC 
approved the EMP study on April 3, 1984. 

History of NSTAC Actions and Recommendations 

On December 12, 1984, the NSTAC forwarded the 
following recommendations on EMP to the President: 

► Designate an appropriate Eederal agency to serve 
as an industry point of contact for EMP mitigation 
efforts and information distribution; 

► Support industry through its standards 
organizations in the development of 
electromagnetic standards that take the EMP 
environment into account; and 

► Undertake a program to improve the EMP 
endurability of the Nation’s commercial electrical 
power systems. 

On October 9, 1985, the NSTAC approved the EMP 
Final Task Force Report and forwarded a recommendation 
to the President, calling for a joint industry and 
Government program to reduce the costs of existing 
techniques for mitigating high-altitude electromagnetic 
pulse-induced transients and to develop new 
techniques for limiting transient effects. 
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Actions Resulting from NSTAC Recommendations 

The TSS Task Eorce reviewed the Government 
actions taken on the NSTAC’s EMP 
recommendations. It found that the Government had 
implemented nine of the EMP initiatives or was 
implementing them. The TSS Task Eorce made the 
following recommendations: 

► Industry and Government should continue to work 
together to implement the EMP initiatives; 

► The Government should prepare an unclassified 
EMP handbook; and 

► Industry, consistent with cost, should incorporate 
low-cost mitigation practices in its new/upgrade 
programs. 

The NSTAC approved the TSS Task Eorce’s findings 
and recommendations on EMP and forwarded them 
to the President on November 6, 1987. 

The OMNCS designated its Office of Technology and 
Standards as the Eederal office to serve as an 
industry and Government point of contact. It used 
the American National Standards Institute TlYl 
Committee as a forum for developing electromagnetic 
standards in support of industry and issued an 
unclassified EMP handbook [EMPMitigation Program 
Approach, NCS-TiB 87-17). The OMNCS received results 
from a simulated EMP test on an AT&T PSN switch. 
The OMNCS assessed the EMP impact on the PSN 
based on test results of transmission, signaling, and 
switching facilities. EMP test analysis results showed 
little cause for concern regarding the physical EMP 
survivability of the PSN, but revealed an increasing 
PSN vulnerability to EMP-induced switch and 
signaling upset. 

Reports Issued 

EMP Task Force Status Report, January 12,1984. 

EMP Final Task Force Report, July 1985. 
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Energy 

Investigation Group / Period of Activity 

Electromagnetic Pulse Task Force 

September 1983 - October 1985 

Telecommunications System Survivability Task Force 

March 1986-June 1989 

Energy Task Force 

August 1988 - March 1990; October 1991 - May 1993 

National Security and Emergency Preparedness Panel 

March 1994 - October 1994 

Telecommunications and Electric Power 
Interdependency Task Force 

January 2005 - December 2006 

Issue Background 

For decades, professionals in the telecommunications 
industry have been concerned with the potential 
impact a sustained power grid outage would have on 
the telecommunications network. Events, Including the 
power outage in Eastern Canada in January 1998, the 
terrorist attacks of September 11, 2001, the Northeast 
blackout In August 2003, and the devastating 
hurricane seasons of 2004 and 2005, continued to 
draw attention to the interdependencies between the 
two sectors and re-energized industry and Government 
efforts to find strategies to both dampen the impact of 
and mitigate against further occurrences. In addition to 
man-made and natural threats to the Infrastructure, 
changing trends In telecommunications network 
design also raise questions about the continued 
reliance of the telecommunications sector on electric 
power sources. With the growth of the next generation 
network, the attendant increase in the use of wireless 
and mobile technologies, and the dispersion of 
network elements, the network and Its users will 
increasingly rely on commercial electric service to 
supply the necessary power. 
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In this environment, the telecommunications and 
electric power sectors will increasingly be required 
to work together to ensure national security and 
emergency preparedness (NS/EP) services remain 
available to respond to terrorist incidents or 
natural disasters. 

History of NSTAC Actions and Recommendations 

The President’s National Security Telecommunications 
Advisory Committee (NSTAC) consideration of the 
interdependencies between the telecommunications 
and electric power sectors began in 1983 with the 
committee’s response to a Government request for 
industry’s perspective on the options available to 
industry and Government for improving the 
electromagnetic pulse (EMP) survivability of the Nation’s 
telecommunications networks. Based on the analysis 
conducted by its EMP Task Eorce, the committee 
provided several recommendations to the President on 
the issue in its Electromagnetic Pulse Final Task Force Report. 

In 1986, the Telecommunications Systems Survivability 
(TSS) Task Eorce initially reviewed the vulnerability of 
telecommunications to the loss of commercial electric 
power and presented the findings of its Telecommunications 
Systems Survivability Electric Power Survivability Status Report at 
the Eebruary 8, 1987, NSTAC VII Meeting. The TSS 
Task Eorce concluded the telecommunications industry 
would be extremely vulnerable to an extended electric 
power outage. As a result, the NSTAC recommended to 
the President that Government initiate a study to identify 
options for ensuring electric power survivability as it 
related to telecommunications. 

As a follow-up to Its vulnerability analysis, the committee 
established the Energy Task Force, which it charged 
with analyzing solutions to mitigate against the effects of 
electric power outages on telecommunications. In 1988, 
the Energy Task Eorce, with participation from the 
Department of Energy (DOE), the National 
Communications System (NCS), and the North 
American Electric Reliability Council undertook its 
activities, examining interdependencies between the two 
sectors after a major earthquake. 
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In October 1991, the NSTAC established a follow-on 
Energy Task Force and charged It to support the NCS 
In its efforts with DOE to develop criteria and a 
process for identifying crifical industry NS/EP 
telecommunications facilities that qualify for elecfric 
power restoration and priority fuel distribufion. Based 
on the task forces analysis, fhe NSTAC issued its 
recommendations to the President on the issue in its 
Energy Task Force Final Report in 1993. 

On March 8, 1994, the NS/EP Panel discussed 
power outages that occurred during winter storms on 
the East Coast and during the Northridge earthquake, 
and their effect on telecommunications. The panel 
agreed that a call from the power companies would 
have alerted carriers to the impending rolling 
blackouts and the need to switch to an emergency 
backup power source. 

Interdependency issues arose again as a result of 
extensive power and telecommunications outages 
during the hurricane season of 2004 in fhe soufheast 
region of the United States. Mr. F. Duane Ackerman, 
then Chairman and Chief Execufive Officer of 
BellSoufh and NSTAC Chair, highlighted his concerns 
about the situation in his speech at the Research and 
Development Task Force's October 2004 Research 
and Development Exchange Workshop in Monterey, 
California. Due to the dependence of the 
telecommunications network on electric power 
services, Mr. Ackerman noted the need for enhanced 
and alternative emergency power technologies. In 
addition, as the network becomes increasingly 
distributed, he noted that issues of reliability and ease 
of communication and coordination between the 
telecommunications and electric power industries will 
become increasingly important during natural 
disasters or terrorist incidents. 

As a result, in 2005, the NSTAC established the 
Telecommunications and Electric Power 
Interdependency Task Force to further evaluate how 
the telecommunications and electric power sector 
interdependencies will affect the future of the 
telecommunications network. The task force 
subsequently divided the work into two streams—an 
examination of fhe people and processes involved in 
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national security communications and restoration 
and an evaluation of the technological implications of 
future events. 

Based on the completion of the first work stream, 
the NSTAC issued its People and Processes: Current State of 
Telecommunications and Electric Power Interdependencies Report 
in January 2006. In the report, the NSTAC 
recommended that the President direct his 
departments and agencies to: 

► Define and establish the term Emergency 
Responder within the National Response Plan 
(NRP), now the National Response Framework 
(NRF), and other appropriate plans, guidance, 
directives, and statutes, including other local. 

State and Federal Government emergency plans; 

► Ensure key response personnel of critical 
infrastructure owners and operators in the 
telecommunications and electric power sectors be 
designated as Emergency Responders; 

► Include fuel supply, security, site access, and 
other required logistical support to critical 
telecommunications and electric power 
infrastructures as part of the Emergency Responder 
planning process to ensure priority restoration to 
critical telecommunications and electric power; 

► Foster and promote effective emergency coordination 
structures to ensure reliable and robust 
communication between the two sectors and local, 
regional. State, and Federal Governments; 

• Review examples of proven priority restoration 
models at the State and regional levels. 
Encourage States and metropolitan regions 
without effective models to improve and update 
their existing frameworks; and 

• Encourage effective information sharing models 
at the local/regional Emergency Responder 
level, both in advance of a natural disaster and 
during the emergency restoration period. When 
developing these models, liability issues should 
be considered. 
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Throughout 2006, the NSTAC continued its 
examination of long-term interdependency issues. 
Specifically, the NSTAC defined the “long-term outage” 
(LTO) phenomenon—an interruption of 
communications and/or electricity for a period long 
enough, and within a large enough geographic region, 
to hamper the provision of telecommunications and 
electric power even by alternative means. Such an 
outage has not occurred in North America to date, but 
could occur in any critical Infrastructure and. In the 
worst case, have a cascading effect on other sectors. 
The NSTAC focused its research on an evaluation of 
technological Interdependencies that will affect 
telecommunications networks in the future. Based on 
its investigation of the LTO phenomenon, the NSTAC 
issued its final report. The NSTAC Report to the President on 
Telecommunications and Electric Power Interdependencies: The 
Implications of Long-Term Outages, in December 2006. 

In the report, the NSTAC recommended that the 
President direct his departments and agencies to: 

► Commission a Government-funded, cross sector 
and cross border engineering analysis of the 
North American telecommunications and electric 
power infrastructures, with attention given to 
further international considerations, to determine 
the interdependencies in LTO situations for both 
the current and the next generation network 
environment, and to estimate the attendant costs 
of mitigation strategies, including the following: 

• Investigating how dependencies and 
interdependencies will be affected by 
technology and structural changes In 
both sectors; and 

• Supporting exercises at the local. State, 
regional, national, and international level 
that investigate the dependencies and 
interdependencies between the two sectors 
during an LTO. 

► Analyze and evaluate current governance 
procedures applicable to an LTO to determine the 
appropriate transition from local to national 
management authority during an LTO. Internet 
recovery issues (as they relate to the convergence 
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of the telecommunications network) should also 
be reviewed, but such a review should not be 
limited to an LTO event. 

► To reduce dependencies between the sectors and 
maintain a minimum level of internal service 
availability during an LTO, vigorously support 
selected science and technology applications, 
including the following: 

• Transformer Prototype Technology, 

• Power Conservation Technology for 
Telecommunications, and 

• Fuel Cell Technology. 

► In concert with industry, support the advent and 
development of cross sector situational analysis 
tools to facilitate information sharing between 
industry and Government in advance of, during, 
and after an LTO. 

► As stated in the NSTAC Report to the President on People 
and Processes: Current State of Telecommunications and 
Electric Power Interdependencies, continue to promote 
increased collaboration between both the 
telecommunications and electric power sectors 
and emergency management authorities at the 
local, regional. State, national, and international 
levels to facilitate recovery from an LTO. 

Actions Resulting from NSTAC Recommendations 

In response to the devastation caused by Hurricanes 
Katrina, Rita, and Wilma, the Federal Communications 
Commission established the Independent Panel 
Reviewing the Impact of Hurricane Katrina on 
Communications Networks. In Its final report, the Panel 
expressed support for the NSTAC’s recommendation to 
establish a national standard for credentialing 
telecommunications repair workers as well as its 
recommendation to designate telecommunications 
infrastructure providers as “emergency responders” 
under the Robert T. Stafford Disaster Relief and Emergency 
Assistance Act (Stafford Act), the NRP (now the NRF), and 
other legislative documents as appropriate. 
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Access, security, and fuel support for industry essential 
service providers (ESP) is included in the Emergency 
Support Eunction (ESF) 2—Communications Annex 
of the NRE 

Furthermore, Section 607 of the Security and Accountability 
for Every Port Act of2006, which President George W. Bush 
signed into law on October 13, 2006, amended the 
Stafford Act by providing a list of essential services whose 
providers may be defined as ESPs. The Act listed 
privately owned telecommunications among those 
services, and declared that Federal agencies may not 
prevent ESPs from accessing disaster sites or otherwise 
impede their efforts to conduct response and recovery 
of the telecommunications infrastructure “to the greatest 
extent possible.” While the measure partially addresses 
the NSTAC's concern about site access. It does not 
clarify that telecommunications infrastructure providers 
may have access to non-monetary Federal resources 
during and following a disaster. ESPs include both 
telecommunications and electric power professionals. 

Additionally, the Department of Homeland Security, in 
partnership with Federal, State, and local Government 
entities, as well as a private sector company, developed 
an access SOP to ensure that private critical 
infrastructure responders receive priority access to 
disaster areas. Out of state telecommunications and 
electric power service providers must meet the same 
criteria as local service providers, including placement 
on the authorized list or having appropriate credentials. 
The access SOP had been adopted by the State of 
Georgia and will be used a model for other States. 

In an effort to engage State and local emergency 
managers, NOS Regional Managers and Regional 
Communications Coordinators are involved In regional 
committees, working groups, and planning efforts, 
such as the Federal Emergency Management Agency 
Regional Interagency Steering Committee meetings 
and Regional Emergency Communications 
Coordinator Working Group meetings. Through these 
forums, the NOS is working to ensure planning efforts 
include access, security, and fuel; and compile 
existing plans that deal with these issues. The NOS is 
posting the plans and procedures on the Homeland 
Security Information Network so that industry 
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partners can ensure their ESPs satisfy requirements 
to receive appropriate designations and are granted 
access to incident areas. The NCS is also 
coordinating with ESF-13, Public Safety and Security, 
and the Office of Infrastructure Protection’s regionally 
based Protective Security Advisors to address access, 
security, and fuel issues and provide input into their 
planning documents. 

In July 2007, the NCS Committee of Principals (COP) 
established the Communications Dependency on 
Electric Power Working Group (CDEP WG) in 
response to recommendations in the President’s 
NSTAC Report on Telecommunications and Electric Power 
Interdependencies. As one of its activities, the CDEP WG 
sponsored an LTO Workshop on April 8-9, 2008, to 
examine the dependencies and interdependencies 
between the communications and electric power 
sectors and to shape the scope of a future 
Government engineering analysis. The Workshop 
was organized into five topic areas covering ten task 
areas being investigated by the CDEP WG. Attendees 
drafted recommendations during the Workshop on 
governance, science and technology research and 
development, the electric industry approach to 
LTO prevention and recovery, situational analysis 
tools, collaboration between the power and 
telecommunications sectors during an LTO, and 
planning of an LTO in National exercises. The CDEP 
WG will use the results of the workshop In drafting Its 
final report to the COP. 

The COP also established the Technical Assistance 
Team to build communications injects into NCS and 
COP member entities’ exercise programs, which will 
likely include activities surrounding the need to 
facilitate access, security, and fuel for industry ESPs. 

Reports Issued 

Electromagnetic Pulse Task Eorce Status Report, January 1984. 

Electromagnetic Pulse Pinal Task Eorce Report, July 1985. 

Telecommunications Systems Sun/ivability Electric Power Survivability 
Status Report. Energy Task Eorce Final Report, August 1988. 
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Report on Earthquake Hazards, June 1989. 

Energy Task Eorce Etna!Report, February 1990. 

Energy Task Eorce Etna! Report Telecommunications Electric 
Service Priority and National Energy Strategy Review, April 1993. 

The NSTAC Report to the President on People and Processes: 
Current State of Telecommunications and Electric Power 
Interdependencies, Januaiy 2006. 

The NSTAC Report to the President on Telecommunications and 
Electric Power Interdependencies: The Implications of Long-Term 
Outages, December 2006. 
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Enhanced Call Completion 

Investigation Group / Period of Activity 

Industry Executive Subcommittee (lES) Funding and Regula¬ 
tory Working Group (FRWG) 

(Assured access) 

June 1990 - September 1990 

(Regulatory aspect of call-by-call preferential treatment) 

July 1993 - December 1993 

Enhanced Call Completion (ECC) Task Force 

December 1990 - July 1992 

ECC Ad Hoc Group 

July 1992 - August 1993 

Issue Background 

Following its reactivation after NSTAC XI, the NSTAC 
lES tasked the FRWG to investigate NS/EP issues 
affecting assured access to the public switched 
network (PSN). During FRWG discussions with the 
Government, the group agreed that assured access 
was only one component of the Government’s need 
for enhanced NS/EP call completion. The group 
defined assured access as priority access to, 
transportation through, and egress from the PSN for 
NS/EP users when portions of the PSN were either 
physically isolated or too congested to permit 
unhindered access and call completion. 

The FRWG prepared a study addressing the 
regulatory and technical components of assured 
access. The study reported that at its initial meeting, 
the FRWG concluded that the Government required 
enhanced call completion for NS/EP traffic. The 
FRWG members agreed, however, thaf fhey must 
further define the technical features of the issue 
before identifying regulatory issues. 

On Augusf 22, 1990, the FRWG recommended that 
it establish an ECC Task Force to determine how 
existing and evolving technologies could best be 
exploited to enhance the priority access, transport, 
and egress of NS/EP traffic. The FRWG’s study also 
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stated that the proposed task force should evaluate 
the Intelligent Networks Task Force Final Report and 
recommendations, and coordinate its efforts with 
those of the OMNCS to avoid duplication. 

Eollowing the ERWG’s investigation of issues affecting 
assured access to the PSN by NS/EP callers and its 
subsequent recommendations, the NSTAC, at its 
December 13, 1990, meeting charged the lES to 
establish a task force to review the issue of 
enhancing call complefion for NS/EP users during 
periods of congesfion. Specifically, fhe lES directed 
the task force to identify technical approaches and to 
recommend a plan of action for obtaining enhanced 
call completion in both the near and longterm. 

The ECC Task Eorce studied existing and evolving 
technologies that would provide the NS/EP user PSN 
access and call completion without interruption, with 
minimum delay, and on a preferential basis during 
network damage or congestion. During its 18-month 
investigation, the task force idenfified 26 current or 
planned enhanced call completion features and 
defined their NS/EP application, availability, and 
acquisition procedures. The task force also 
determined the importance of the Fligh Probability of 
Call Complefion (FiPC) standard in implementing an 
NS/EP call identifier to provide call-by-call preferential 
treatment and to enhance existing PSN features. 

At the July 17, 1992, NSTAC XIV Meeting, members 
approved the ECC Task Force's report for forwarding 
to the President, the two proposed recommendations 
to the President, and the proposed NSTAC XIV 
charges to the lES. In response to these charges, the 
lES deactivated the ECC Task Force and established 
an ad hoc group to work with the Government to: 

► Advocate and support approval of the FIPC 
standard, investigate potential ECC regulatory 
issues with the ERWG and implement ECC 
network capabilities. 

At the August 2, 1993, lES Meeting, members 
approved the deactivation of the ECC Ad Hoc Group, 
which had completed its work. The group served as 
a forum for issues such as cellular priority access, 
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preferential access for North Atlantic Treaty 
Organization countries, and future broadband 
services. It assisted the Government in its effort to 
obtain approval of the HPC standard—published as 
American National Standards Institute T1.631 in 
August 1993. The group also worked closely with the 
Government to develop ECC features demonstration 
scenarios. It met with the GETS integrator and 
Government contractors to discuss demonstration 
plans and scenarios. 

As part of its charge to inform the Government about 
ECC services affecting the National Level NS/EP 
Telecommunications Program initiatives, the group 
assisted the Government in developing educational 
materials such as the ECC Services Cost/Benefit Analysis 
Report, and the 1993 National Communications System 
(NCS) Member Agency Telecommunications Enhancement 
Handbook. The group worked with the Government in 
addressing potential regulatory impediments to 
implementing enhanced call completion services. 

It framed and defined significant elements in the 
call-by-call preferential treatment issue before 
forwarding the issue to the ERWG for its action. 

In July 1993, the ERWG responded to an April 14, 
1993, memorandum to the NCS Executive Agent 
directing the NCS to work with the ERWG to 
investigate potential regulatory issues arising from 
the implementation of enhanced call completion 
attributes for NS/EP activities. The ERWG explored 
whether the prohibition of undue preferences in 
Section 202(a) of the Communications Act of 1934, 
as amended, required a specific ECC regulation 
authorizing the provision of priority calling features to 
NS/EP users of the PSN. 

The ERWG determined ECC approval of preferential 
treatment would benefit both industry and 
Government. Eollowing lES approval, the OMNCS 
forwarded a letter to the ECC requesting that the 
Commission issue an opinion regarding whether 
common carriers may provide call-by-call priority 
service for connecting emergency calls over the public 
switched network. The ECC responded by issuing a 
Public Notice on January 7, 1994, which requested 
that public comments be filed with the Commission by 
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February 15, 1994, and that reply comments be filed 
by March 1, 1994. The OMNCS filed reply comments 
with the ECC on March 1, 1994, requesting that the 
Commission issue a favorable opinion. 

On August 30, 1995, the ECC responded to the 
OMNCS regarding the call-by-call priority issue. In Its 
letter, the ECC stated that the request for declaratory 
ruling filed on November 29, 1993, was moot 
because lawful tariffs implementing the federally 
managed GETS program had gone into effect. 
Call-by-call priority Is a feature of the GETS program. 
Therefore, the ECC dismissed the petition for 
declaratory ruling without prejudice. 

History of NSTAC Actions and Recommendations 

On December 13, 1990, NSTAC XII charged the lES 
to establish the ECC Task Force as a result of the 
FRWG’s investigation of assured access issues. 

On July 17, 1992, NSTAC members approved the 
ECC Task Force’s report for forwarding two proposed 
recommendations to the President: 

► The Government should take the following steps 
to enhance call completion for NS/EP users: 

• Take advantage of existing and emerging 
services, features, and capabilities in the PSN 

• Continue to support the near-term adoption of 
the HPC standard by the Exchange Carriers 
Standards Association T1 Committee 

• Investigate the NS/EP advantages of a calling 
name delivery service 

• Work with NSTAC’s ERWG to investigate 
potential regulatory issues 

• Sponsor industry ECC forums to further define 
ECC and resolve Implementation Issues. 

► The Government should use the ECC Task Force 
report as a reference for modifying or 
implementing current or future services and 
technologies. In response to NSTAC XIV charges. 
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the lES established the ECC Ad Hoc Group. On 
August 2, 1993, lES members deactivated the 
ECC Ad Hoc Group. 

Actions Resulting from NSTAC Recommendations 

In response to an NSTAC XIV recommendation from 
the ECC Task Force, the White House issued a 
memorandum to the NCS Executive Agent on Aprii 
14, 1993, directing the NCS to work with the FRWG to 
investigate potentiai reguiatory issues arising from the 
implementation of ECC attributes for NS/EP activities. 
The FRWG sought to clarify whether prohibitions of 
undue preferences in the Communications Act of 1934 
required a specific ECC regulation to authorize the 
provision of priority caiiing features to NS/EP users of 
the public switched network. The ECC resolved the 
issue on August 30, 1995, when the ECC informed 
the GMNCS of its decision regarding the cali-by-call 
priority issue. 

Reports Issued 

Assured Access issue Paper, October 13,1989. 

Report on the FRWG Review of Assured Access, November 7,1990. 

Finai Report of the Enhanced Cait Compietion (ECC) 

TaskEorce, July 1992. 

Einat Report of the Enhanced Cati Compietion (ECC) 

Ad Hoc Group, December 1993. 
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Financial Services 

Investigation Group / Period of Activity 

Financial Services Task Force (FSTF) 

March 2003-April 2004 

Issue Background 

In November 2002, the Federal Reserve Board 
(FRB) and BITS—a nonprofit industry consortium of 
the 100 largest financial institutions in the United 
States that focuses on issues related to security, 
crisis management, e-commerce, payments, and 
emerging technologies—briefed the lES of the 
NSTAC on the significant dependence of the 
financial services (FS) sector on the 
telecommunications infrastructure to support core 
payment, clearance, and settlement processes of 
financial institutions. Given that dependence, 
disruption of telecommunications services could 
hamper critical financial services processes, 
potentially affecting the national economy. To 
minimize operational risks and ensure the timely 
delivery of critical financial services, the FRB 
recommended that the NSTAC analyze 
telecommunications infrastructure issues pertaining 
to network redundancy and diversity. 

The NSTAC, therefore, established the FSTF to 
conduct the analysis during NSTAC Cycle XXVII. 

History of NSTAC Actions and Recommendations 

The FSTF emphasized that the concept of resiliency 
and its components of diversity, redundancy, and 
recoverability are critical to understanding some of the 
NS/EP issues currently challenging the FS and 
telecommunications industries. The taskforce 
acknowledged that it is imperative for the FS sector to 
maintain diversity as a component of resiliency. The 
primary challenges identified by the FSTF with respect 
to diversity were the failure of critical services resulting 
from loss of diversity; the ability to ensure that diversity 
is predictable and continually maintained; and the 
potential for lack of clear understanding of terms and 
conditions in telecommunications contracts or tariffs 


2006-2007 NSTAC Issue Review ► PREVIOUSLY ADDRESSED ISSUES 


(and the potential for resulting confusion when 
financial services institutions establish business 
continuity plans). 

The FSTF recognized that without a real-time 
process to guarantee that a circuit’s path or route is 
static and stable, an NS/EP customer cannot be 
assured at all times that the diversity component of 
the resiliency plan will retain its designed 
characteristics. Flowever, the telecommunications 
infrastructure was designed and engineered based 
on a business model directed at the general public. 
When necessary, networks have been modified or 
developed to meet specific needs at the customer 
level except where limited by the available 
technology or a customer’s willingness to purchase 
unique requirements. 

The FSTF emphasized that all interested parties 
should support research and development activities 
for improving managed network solutions and 
alternative technologies as a potential means for 
achieving high resiliency for the FS customer base. 
Targeted capital incentives should also be considered 
as a tool to encourage critical infrastructure owners, 
including the FS sector, to make the necessary 
investments to mitigate telecommunications 
resiliency risks to their business operations. 
Appropriately structured capital recovery incentives 
for critical business operations could be used to 
accelerate immediate investments to mitigate 
vulnerabilities to critical NS/EP operations. 

The FSTF also noted that when different business 
continuity strategies cannot fully guarantee 
operational sustainability, specifically engineered and 
managed efforts might be required. The degree of 
assurance that a business operation deems 
adequate to achieve a high level of resiliency will 
dictate the decisions and the appropriate approach 
to be pursued. To that end, the task force concluded 
that cross-sector assessments or customer-provider 
assessments would remain useful tools to facilitate 
better understanding of the need for resiliency. 
Indeed, FSTF members acknowledged the 
importance of promoting mutual understanding 
among the FS and telecommunications sectors to 
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effectively address NS/EP-related issues. Both 
sectors pledged to continue in their efforts to engage 
members of their communities, as well as the public 
sector, in a constructive dialogue to foster mutual 
understanding of their operations and unique needs. 
Furthermore, the framework that the FSTF developed 
to analyze the dependencies of the FS sector on the 
telecommunications industry could be adapted to 
conduct risk assessments of other critical 
infrastructures. 

On the basis of the FSTF report, the NSTAC 
recommended that the President: 

► Support the Alliance for Telecommunications 
Industry Solutions’ (ATIS) National Diversity 
Assurance Initiative and develop a process to: 

• Examine diversity assurance capabilities, 
requirements, and best practices for critical 
NS/EP customers and, where needed 

• Promote research and development to 
increase resiliency, circuit diversity, and 
alternative transport mechanisms. 

► Support financial services sector initiatives 
examining: 

• The development of a feasible “circuit-by-circuit” 
solution to ensure telecommunications 
services resiliency 

• The benefits and complexities of aggregating 
sectorwide NS/EP telecommunications 
requirements into a common framework to 
protect national economic security. 

► Coordinate and support relevant cross-sector 
activities {e.g., standards development, research 
and development, pilot initiatives, and exercises) in 
accordance with guidance provided in Homeland 
Security Presidential Directive 7 (HSPD-7). 

► Provide statutory protection to remove liability and 
antitrust barriers to collaborative efforts when 
needed in the interest of national security. 
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► Continue to promote the Telecommunications 
Service Priority program as a component of the 
business resumption plans of financial services 
institutions. 

► Promote research and development efforts to 
increase the resiliency and the reliability of 
alternative transport technologies. 

► Examine and develop capital investment recovery 
incentives for critical infrastructure owners, 
operators, and users that invest in resiliency 
mechanisms to support their most critical NS/EP 
telecommunications functions. 

Actions Resulting from NSTAC Recommendations 

In response to the FSTF report, ATIS agreed to work 
with the FRB on an in-depth assessment of diversity 
assurance. A final report on the assessment was 
completed in February 2006. Representatives from 
ATIS also visited the lES to brief them on the findings 
and recommendations discussed in the assessment. 

Reports Issued 

Financial Services Task Force Report, April 2004. 
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Funding of NSTAC Initiatives 


Actions Resulting from NSTAC Recommendations 

The FRWG (reconvened March 1990) reviewed the 
NSTAC funding methodoiogy and worked with the 
Enhanced Cail Completion Task Force to develop 
an order-of-magnitude cost model for use by all 
task forces. 


Investigation Group / Period of Activity 


Funding of NSTAC Initiatives (FNI) Task Force 

April 1984 - December 1984 


Reports Issued 


Issue Background 


NSTAC Funding Methodology, October 25,1984. 


On April 3, 1984, the NSTAC agreed to address the 
funding of NSTAC initiatives issue to determine the 
costs and benefits associated with its 
recommendations to the Government. The purpose 
of FNI was to guide and prioritize NSTAC actions. In 
August 1984, the FRWG established the FNI Task 
Force to investigate approaches to NSTAC funding 
mechanisms. 

History of NSTAC Actions and Recommendations 

On December 12, 1984, the NSTAC approved the 
funding methodology developed by the FNI Task 
Force and instructed the lES to: 

► Adopt the methodology developed by the FNI 
Task Force; 

► Issue the funding methodology as guidance to all 
existing and future task forces; and 

► Direct all task forces to determine costs, benefits, 
and applicable funding mechanisms for each 
recommended initiative. 

The NSTAC instructed all NSTAC task forces and 
working groups to apply the FNI funding 
methodology to the recommendations they 
developed. The FRWG assists all active and future 
NSTAC task forces, when necessary, in providing 
cost/benefit estimates and proposed funding 
mechanisms for all recommended initiatives using 
the guidelines from the funding report. 


73 



The President’s National Security Telecommunications Advisory Committee 


Globalization 


Investigation Group / Period of Activity 

National Information Infrastructure (Nil) Task Force 

August 1993 - March 1997 

Operations Support Group (OSG) 

April 1997 - September 1999 

Information Infrastructure Group (MG) 

April 1997 - September 1999 

Globalization Task Force (GTF) 

September 1999 - May 2000 

Issue Background 

In 1993, the NSTAC established an Nil Task Force 
and charged It with examining the implications of 
the evolving U.S. information infrastructure for 
NS/EP communications. The Nil Task Force 
observed that the Nil’s connectivity to the emerging 
Global Information Infrastructure (Gil) potentially 
presented both opportunities and risks for NS/EP 
communications. In its March 1997 report to 
NSTAC XIX, the Nil Task Force concluded that the 
pervasive and rapidly evolving nature of the Gil 
necessitated a continuing effort by NSTAC task 
forces and working groups to track the Gil’s 
implications for NS/EP communications. 

As a result, the NSTAC lES tasked the OSG in 
April 1997 to monitor the U.S. information 
infrastructure’s global interfaces, because of the 
potential for increased vulnerabilities adversely 
affecting the national interest. Specifically, the OSG 
gathered information on the International 
Telecommunication Union’s Global Mobile Personal 
Communications by Satellite Memorandum of Understanding. 

In October 1998, the lES tasked the IIG to conduct 
a forward-looking analysis of the Gil and associated 
NS/EP opportunities and challenges. 
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During a reorganization of the IBS and its working 
group structure in September 1999, the lES 
formed the GTF to continue to address the Gil 
issue. Specifically, the lES tasked the GTF with 
developing a “picture” of the Gil in 2010, 
identifying NS/EP issues. The GTF was also given 
two additional tasks that were global in scope: 
assessing the security implications of foreign 
ownership of telecommunications networks and 
examining export policies dealing with the transfer 
of strong encryption products, satellite technology, 
and high-performance computers. 

During the NSTAC XXII and XXIII cycles, the IIG and 
GTF researched and gathered information from 
industry and Government experts on emerging 
space-, airborne-, and land-based communications 
systems and services. These information gathering 
activities provided the GTF with the insights needed 
to characterize the Gil in 2010 and draw conclusions 
about NS/EP telecommunications preparedness. 

Drawing on these insights, the GTF was able to 
describe what physical network elements, services, 
and protocols might be prominently featured in 
2010, paying specific attention to the global 
homogenization of communications capabilities, 
expected improvements to quality of service and 
network assurance, and the ubiquity and availability 
of advanced communications technologies as 
pertaining specifically to NS/EP users. The GTF 
documented its analysis in its May 2000 report to 
NSTAC XXIII. Based on that analysis, the NSTAC 
recommended that the President direct appropriate 
departments and agencies to: 

► Conduct exercises in those areas and 
environments in which NS/EP operations can be 
expected to take place to ensure that the required 
high-capacity, broadband access to the Gil is 
available; and 

► Ensure that NS/EP requirements, such as 
interoperability, security, and mobility, are 
identified and considered in standards and 
technical specifications as the Gll evolves to 2010 
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and identify any specialized services that must be 
developed to satisfy NS/EP requirements not 
satisfied by commercial systems. 

In addition, the LRWG assisted the GTE in assessing 
the security implications of foreign ownership of 
telecommunications networks. The LRWG examined 
domestic regulatory history and conducted analyses 
of several mergers and acquisitions between 
domestic and foreign telecommunications carriers. 
Through the case studies, the group found that the 
current regulatory structure satisfied the different 
interests of the parties involved. The LRWG 
concluded that it was unclear whether further 
statutory or regulatory changes would effectively 
enhance the role of national security issues in 
foreign ownership situations at this time. The GTE 
May 2000 report to NSTAC XXIII includes the LRWG 
analysis of the issue. 

Based on the GTF’s report, the NSTAC 
recommended that the President: 

► Ensure that the review process for commercial 
arrangements Involving foreign ownership remains 
adequate to protect NS/EP concerns as the 
environment evolves and becomes more complex. 

Lastly, addressing technology export, the GTE 
complied some basic information on the key 
technology export issue areas. Given that technology 
progresses faster than export policy can keep up with 
it, the GTE recommended continued monitoring of 
developing export policies and regulations. The GTE 
also investigated guidelines to assist companies in 
understanding Government approval of technology 
sales. The GTE completed its tasking to scope the 
issue of technology export, concurring with the 
Government’s efforts to periodically reevaluate the 
limits placed on the export of technologies. 
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Reports Issued 

National Information Infrastructure Task Force Report, 

March 1997. 

Operations Support Group Report, September 1998. 

Information Infrastructure Group Report, June 1999. 

Globalization Task Force Report, May 2000. 

Global Infrastructure Report, May 2000. 

Paper on Foreign Ownership: Telecommunications and 
NS/EP Implications, May 2000. 


76 


The President’s National Security Telecommunications Advisory Committee 

Industry/Government Information 
Sharing and Response 

Investigation Group / Period of Activity 

National Coordinating Center for Telecommunications 
(NCC) Vision Task Force 

October 1996 - April 1997 

Operations Support Group (OSG) 

April 1997 - September 1999 

Information Sharing/Critical Infrastructure Protection 
(IS/CIPTF)Task Force 

September 1999 - May 2000 

Issue Background 

The NSTAC formed the National Coordinating 
Mechanism (NCM) Task Force in December 1982 to 
facilitate industry/Government response to the 
Government’s growing NS/EP telecommunications 
service requirements in the post-divestiture 
environment. The task force submitted its final report, 
the tICMImplementation Plan, to the NSTAC on January 
30, 1984. That report led to formation of the NCC, an 
emergency response coordination center that 
supports the Government’s NS/EP 
telecommunications requirements. 

Since 1984, threats to the NS/EP 
telecommunications infrastructure changed 
significantly. In response, the NSTAC lES established 
the NCC Vision Task Eorce in October 1996 to 
consider the implications of the new environment for 
the functions performed by the NCC. The lES 
charged the task force to determine whether the 
mission, organization, and capabilities of the NCC 
were still valid, considering the ongoing changes in 
technology, industry composition, threats, and 
requirements. Following the lES group reorganization 
in April 1997, the task force became the NCC Vision 
Subgroup and later the NCC Vision-Operations 
Subgroup under the OSG. 
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In 1997, the NSTAC also revisited the original 
concept for an industry/Government mechanism to 
coordinate planning, information sharing, and 
resources in response to NS/EP requirements. 

Unlike the original NCM plan that applied to the 
telecommunications infrastructure, this revised NCM 
concept involved linking all the Nation’s critical 
infrastructures [e.g., telecommunications, financial 
services, electric power, and transportation). In July 
1997, the OSG created the NCM Subgroup to 
explore the need for and feasibility of an NCM 
across infrastructures. 

In May 1998, the President released PDD-63, a 
critical infrastructure protection directive calling for, 
among other things, industry participation in the 
Government’s efforts to ensure the security of the 
Nation’s infrastructures. As it continued to refine the 
NCM concept, the NCM Subgroup considered this 
Government initiative. 

In September 1998, the OSG formed the Year 2000 
(Y2K) Subgroup to address several Y2K issues raised 
at the NSTAC XXI meeting, including the need for 
Y2K outreach efforts, the need to emphasize 
contingency planning and restoration scenarios, the 
potential for public overreaction to the Y2K problem, 
and the lack of a global approach to handle Y2K 
problems that were international in scope. The effort 
was a continuation of earlier efforts by the NCC 
Vision-Operations Subgroup, which began a study of 
the NCC’s operational readiness and coordination 
capabilities for potential public network disruptions 
caused by the Y2K problem. 

Following NSTAC XXII the lES tasked the OSG to 
examine potential lessons learned from Y2K 
experiences that could be applied to critical 
infrastructure protection efforts. The OSG focused on 
the experiences of the NCC to determine how its 
operations during the Y2K rollover period translated 
into functions to be performed as ISAC (in accordance 
with PDD-63). In addition the OSG continued to 
monitor enhancements to the NCC that ensured an 
electronic Indications, Assessment, and Warnings 
(lAW) capability to support the ISAC function. 
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In September 1999 following a reevaluation of NSTAC 
working groups, the lES created the IS/CIPTF to 
examine mechanisms and processes for profected, 
operational information sharing that would help 
achieve the goals of PDD-63 and further the role of 
the NCC as an ISAC for telecommunications. In 
addition, the lES directed the IS/CIPTF to continue, 
through outreach efforts, interaction with Government 
leaders responsible for PDD-63 implementation. 

History of NSTAC Actions and Recommendations 

During 1997, the NCC Vision Subgroup worked 
closely with the NCS member organizations and 
NCC industry representatives to develop a common 
framework for assessing the NCC’s ongoing role. 

The subgroup validated the original 10 NCC 
chartered functions and updated the NCC Operating 
Guidelines (both written in 1984) for the current 
operational environment. The subgroup also 
determined that an electronic intrusion incident 
information processing function could be integrated 
into the NCC's activities. In August 1997, the 
subgroup held an industry/Government tabletop 
exercise to test the draft concept of operations for 
NCC intrusion incident information processing. The 
OSG documented the subgroup’s activities and 
accomplishments in the OSG’s report to the 
December 11, 1997, NSTAC XX Meeting. 

The NSTAC approved the OSG’s NSTAC XX report 
and recommended that the President: 

► Establish a mechanism within the Federal 
Government with which the NCC can coordinate 
intrusion incident information issues and with 
which NSTAC groups can coordinate the 
development of standardized reporting criteria. 

The NSTAC also endorsed NCC implementation of an 
initial intrusion incident information processing pilot 
based on voluntary reporting by industry and 
Government. 

In 1998, the NCC modified ifs standard operating 
procedures to accommodate an electronic intrusion 
incident information processing capability. With the 
OSG’s support and assistance, the NCC began its 
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intrusion incident information processing pilot on 
June 15, 1998. The NCC Vision-Operations 
Subgroup worked closely with the OMNCS and the 
Manager, NCC, as the NCC implemented the 
intrusion incident processing pilot, which it 
completed in October 1998. In addition, the NCC 
Vision-Operations Subgroup developed a paper, the 
NCC intrusion Incident Reporting Criteria and Format Guidetines, 
to establish standardized reporting criteria and to 
outline steps in NCC electronic intrusion report 
collection, processing, and distribution. The OSG 
report to NSTAC XXI includes the paper. 

Leading up to NSTAC XX, the NCM Subgroup met 
jointly with the Information Infrastructure Group’s lA 
Policy Subgroup and produced a joint report. The 
report concluded that the revised NCM concept 
provided the framework for the Federal Government 
and the private sector to address solutions to 
infrastructure protection concerns. The OSG included 
the joint report in its full NSTAC XX report, which the 
NSTAC approved. Specifically, the NSTAC 
recommended that the President: 

► Direct the appropriate departments and agencies 
to work with the NCS and NSTAC in further 
investigating the NCM concept. 

Subsequently, IFS representatives presented the 
revised NCM concept to senior Government 
officials fo aid the Administration’s efforts to 
establish national policy on the protection of critical 
national infrastructures. 

Throughout the NSTAC XXI cycle, the OSG 
considered the infrastructure protection efforts of the 
Federal Government in conjunction with the 
enhanced role of the NCC. IFS and NCM Subgroup 
members met with members of fhe National 
Infrastructure Protection Center (NIPC) to address 
the role of indusfry in the Government’s new lA 
environment. The Government created the NIPC in 
February 1998 as a national critical infrastructure 
threat assessment, warning, vulnerability, law 
enforcement investigation, and response entity. The 
NIPC’s mission is to detect, deter, assess, warn of, 
respond fo, and invesfigate computer intrusions and 
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unlawful acts, both physical and cyber, that threaten 
or target the Nation’s criticai infrastructures. As a 
result of these meetings, the NCC and NIPC began to 
develop processes to detail the flow of information 
between the two entities. 

At the end of the NSTAC XXI cycle, the OSG 
concluded that the NCC provided a model for all 
infrastructures by which information could be 
gathered, analyzed, sanitized, and provided to the 
Government. In addition, regarding PDD-63 
implementation, the OSG concluded that more than 
one individual or entity would be needed to serve as 
the sector coordinator to represent the highly diverse 
information and communications sector. The NSTAC 
approved the OSG’s September 1998 report to 
NSTAC XXI and recommended that the President 
direct the lead departments and agencies as 
designated in PDD-63 to: 

► Consider adapting the NCC model as appropriate 
for the various critical infrastructures to provide 
warning and information centers for reporting and 
exchange of information with the NIPC through the 
NCM process; and 

► Establish an industry/Government coordinating 
activity to advise in the selection of a sector 
coordinator and provide continuing advice to 
effectively represent each critical infrastructure. 

Following NSTAC XXI, the OSG’s NCC Vision- 
Operations Subgroup worked closely with the OMNCS 
and the Manager, NCC, as the NCC continued its 
electronic intrusion incident processing function. The 
subgroup continued to assist the NCC in evaluating 
any needed revisions to the lAW reporting criteria and 
format guidelines. 

The OSG’s NCC Vision-Operations Subgroup also 
assessed whether the NCC requires additional 
industry and Government participation within the 
NCC to widen the scope of expertise and operational 
personnel available to fulfill the lAW mission. During 
the NSTAC XXII cycle, the subgroup developed a list 


2007-2008 NSTAC Issue Review ► PREVIOUSLY ADDRESSED ISSUES 


of companies and Government departments and 
agencies for the Manager, NCS, to consider as 
candidates for participation in the NCC. 

PDD-63 established the concept of an ISAC that 
would be a private sector entity responsible for 
gathering, analyzing, sanitizing, and disseminating to 
industry private sector information related to 
vulnerabilities, threats, intrusions, and anomalies 
affecting the critical infrastructures. At the end of the 
NSTAC XXII cycle, the OSG concluded that the NCC 
already performed the primary functions of an ISAC 
for the telecommunications sector and that industry 
and Government should establish it as such. 

The OSG’s Y2K Subgroup investigated domestic and 
international Y2K preparedness and contingency 
planning efforts for the telecommunications 
infrastructure. The subgroup held a number of 
informational meetings with Government 
representatives to address ongoing Y2K readiness 
and contingency planning efforts. To understand 
public concerns about the Y2K problem, the Y2K 
Subgroup also investigated the initiatives of 
grassroots Y2K community forums and those groups 
promulgating “doomsday” scenarios. The 
subgroup’s findings are included in the OSG’s 
June 1999 NSTAC XXII report. 

Based on that report, the NSTAC recommended that 
the President: 

► Direct the President’s Council on Y2K Conversion 
and the Federal Government continue providing 
timely, meaningful, and accurate Y2K readiness 
and contingency planning information related to 
the information and communications critical 
infrastructures to State and local governments, 
thereby enhancing the flow of information to the 
general public and community Y2K groups. 

Actions Resulting from NSTAC Recommendations 

The NSTAC’s support for the evolving role of the NCC 
helped pave the way for the establishment of the 
NCC as an ISAC for telecommunications under the 
provisions of PDD-63. During 1997, the NSTAC 
advocated and later endorsed the NCC’s 
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implementation of an electronic intrusion incident 
reporting capability based on voluntary reporting by 
industry and Government. In January 2000, the 
National Security Council agreed with the NSTAC’s 
1999 conclusion that the NCC was performing the 
primary functions of an ISAC. In March 2000, the 
NCC formally achieved initial operating capability as 
an ISAC for the telecommunications sector. 

Following the October 21, 2004, Principals 
Conference Call, the NSTAC formed the National 
Coordinating Center Task Force (NCCTF) to examine 
the future mission and role of the NCC. Please see 
the NCC section in the Active Issues section of this 
NSTAC Issue Review for further information. 

Reports Issued 

Operations Support Group Report, December 1997. 

Information Assurance: A Joint Report of the lA Policy Subgroup of 
the Information Infrastructure Group and the NCM Subgroup of 
the Operations Support Group, December 1997. 

Operations Support Group Report, September 1998. 

Operations Support Group Report, June 1999. 


80 


The President’s National Security Telecommunications Advisory Committee 


2006-2007 NSTAC Issue Review ► PREVIOUSLY ADDRESSED ISSUES 


Industry Information Security Reports issued 


Investigation Group / Period of Activity 

Industry Information Security (IIS) Task Force 

August 1986 - September 1988 

Issue Background 

Based on widespread concern within the Government 
regarding the protection of sensitive but unclassified 
information, the President requested that the NSTAC 
identify initiatives that would facilitate the protection 
of sensifive information processing systems. On 
August 19, 1986, the NSTAC lES established the IIS 
Task Force to develop industry’s perspective on the 
issue. The original IIS Task Force defined and 
idenfified sensitive information categories, the 
relationship between telecommunications and 
automated information systems, an analysis 
methodology, and areas for further investigation. The 
lES then established a follow-on IIS Task Force to 
improve information security in telecommunications 
and automated information systems. The IIS Task 
Force submitted its final reporf to the NSTAC on 
September 22, 1988. It contained 10 conclusions 
and eight recommendations. The NSTAC approved 
the report and forwarded it to the President. 

History of NSTAC Actions and Recommendations 

On September 22, 1988, the NSTAC approved 
the IIS Task Force final reporf and forwarded it to 
the President. 

Actions Resulting from NSTAC Recommendations 

The NSA continued and expanded the Protected 
Communication Zone program. NSA developed 
standardized encryption modules for terminal unit 
platforms and reendorsed the Data Encryption 
Standard algorithm. Federal agencies continued the 
information security education program. 


The IIS Task Force Report, Volume I, November 1986. 

The IIS Task Force Report, Volume II, Appendices, November 1986. 

Status Report of the IIS Task Force, October 1987. 

Final Report of the IIS Task Force—Industry Information 
Protection, Volume I, June 1988. 

Final Report of the IIS Task Force—Industry Information 
Protection, Volume If Appendices, June 1988. 

Final Report of the IIS Task Force Industry Information 
Protection, Volume III, Annotated Bibliography, June 1988. 
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Influenza Pandemic 

Investigation Group / Period of Activity 

Pandemic Study Group 

July 2006 - January 2007 


Issue Background 

An influenza pandemic has the potential to present 
an array of threats to the integrity of the Nation’s 
communications system. Widespread contagion 
could incapacitate vital service workers and 
quarantine requirements could generate network 
overloads as a result of mass telecommuting. 
Therefore, contingency planning is key to the 
survivability of necessary national security and 
emergency preparedness (NS/EP) services. 

History of NSTAC Actions and Recommendations 

At the request of the National Infrastructure Advisory 
Council (NIAC), and In response to a joint Department 
of Homeland Security and Department of Health and 
Human Services appeal for assistance, the President’s 
National Security Telecommunications Advisory 
Committee (NSTAC) worked in partnership with the 
council to develop guidance for the Government on 
critical services that must be maintained across the 
Nation’s infrastructures in the event of a pandemic. 
Consequently, the NSTAC undertook the responsibility 
to formulate prioritization recommendations for the 
telecommunications infrastructure so that NS/EP 
services that rely heavily on the sector can remain 
stable and usable under any circumstances. 

Reports Issued 

The Prioritization of Critical Infrastructure for a Pandemic 
Outbreak in the Untied States Working Group (NIAC Report), 
January 2007. 
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Information Assurance 


Investigation Group / Period of Activity 

Information Assurance Task Force (lATF) 

May 1995-April 1997 

Information Infrastructure Group (MG) 

April 1997 - September 1999 

Financial Services Task Force (FSTF) 

March 2003-April 2004 

Issue Background 

At the NSTAC XVII Meeting, the Director of the National 
Security Agency briefed the NSTAC Principals on 
threats to U.S. infrastructures. In the ensuing months, 
the NSTAC's Issues Group sponsored a number of 
meetings with representatives from the national security 
community, law enforcement, and civil departments 
and agencies to discuss information warfare (defensive) 
and lA issues. Atfhe May 15, 1995, lES Working 
Session, fhe members approved establishing the lATF 
to serve as a focal poinf for lA issues. More specifically, 
the lES charged the I ATE to cooperate with the U.S. 
Government to identify critical national infrastructures 
and their importance to the national interest, schedule 
elements for assessment, and propose lA policy 
recommendations to the President. 

The lATF worked closely with industry and 
Government representatives to identify crifical 
national infrastructures and ultimately selected three 
for study: electric power, financial services, and 
transporfation. To address the distinctive 
characteristics of those infrastructures, the lATF 
established three risk assessment subgroups to 
examine each infrastructure’s dependence on 
information technology and the associated lA risks to 
its information systems. Following NSTAC XIX, the 
lES renamed the lATF the IIG and gave it the mission 
to continue acting as the focal poinf for NSTAC lA 
and CIP issues. 
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In investigating lA/CIP issues, the IIG worked closely 
with the President's Commission on Critical 
Infrastructure Protection and other Federal 
organizations concerned with examining physical and 
cyber threats to the Nation’s critical infrastructures. 
Federal efforts in this arena culminated with the 
release of presidenfial policy guidance—PDD 63, 
Critical Infrastructure Protection, May 22, 1998. 
Subsequenfly, PDD-63 implemenfafion became a 
focal poinf for fhe IIG’s activities. 

History of NSTAC Actions and Recommendations 

The lATF’s Electric Power Risk Assessment Subgroup 
completed its lA risk assessment report in 
preparation for the March 1997 NSTAC XIX Meeting. 
In compiling information for this report, the Electric 
Power Risk Assessment Subgroup met with 
representatives from eighf elecfric utilities, two 
industry associations, an electric power pool, 
equipment manufacturers, and numerous industry 
consultants. Based on these interviews, the 
subgroup assessed the extent to which the 
infrastructure depends on information systems and 
how associated vulnerabilities placed the electric 
power industry at increased risk to denial-of-service 
attacks. Based on the subgroup’s findings, the 
NSTAC recommended that the President: 

► Assign the appropriate department or agency to 
develop and conduct an ongoing program within 
the electric power industry to increase the 
awareness of vulnerabilifies and available or 
emerging solutions; 

► Establish an NSTAC-like advisory committee to 
enhance industry/Government cooperation 
regarding regulatory changes affecting electric 
power; and 

► Provide threat information and consider providing 
incentives for industry to work with Government to 
develop and deploy appropriate security features 
for the electric power industry. 

The IIG’s Financial Services Risk Assessment 
Subgroup submitted its final recommendations in a 
report to NSTAC XX in December 1997. In compiling 
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information for this report, the Financial Services 
Risk Assessment Subgroup conducted confidential 
interviews with institutions representing money 
center banks, securities credit firms, credit card 
associations, third-party processors, industry utilities, 
industry associations, and Federal regulatory 
agencies responsible for industry oversight. The 
subgroup found that industry organizations treated 
security measures as fundamental risk controls—that 
a system of independent, mutually reinforcing 
checks and balances within critical systems and 
networks was unique to the financial services 
industry, providing a high level of integrity. The 
subgroup concluded that at the national level the 
industry was sufficiently protected and prepared to 
address a range of threats. Flowever, the subgroup 
identified security implications and potential 
vulnerabilities associated with the industry’s 
dependence on the telecommunications 
infrastructure being subjected to deregulation, the 
integration of dissimilar information systems and 
networks resulting from mergers and acquisitions, 
and the introduction of Web-based financial services. 
Based on the Financial Services Risk Assessment Report, 
the NSTAC recommended that the President: 

► Assign to the appropriate department or agency 
the mission of identifying external threats and risk 
mitigation to the financial services infrastructure, 
facilitating the sharing of information between 
industry and Government; 

► Assign the appropriate department or agency the 
task of working with the private sector to develop 
a mutually agreeable solution for effective 
background investigations for sensitive positions; 

► Assign the appropriate department or agency the 
task of monitoring the new/emerging areas of 
electronic money and commerce, including new 
payment services; and 

► Ensure that the NSTAC continues to have at least 
one member from the financial services industry. 
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The IIG’s Transportation Risk Assessment Subgroup 
sponsored a workshop on September 10, 1997, to 
discuss the transportation information infrastructure. 
Topics included intermodal information 
dependencies, industry/Government information 
sharing, transportation information infrastructure 
vulnerabilities, and Government understanding of the 
transportation industry’s information infrastructure 
vulnerabilities. The workshop, held at Fort 
McPherson, Georgia, included representatives from 
many major transportation companies, including 
airlines, multimodal carriers, rail, highway, mass 
transit, and maritime. The subgroup documented its 
findings in an Interim Transportation Information Risk 
Assessment Report to NSTAC XX in December 1997. 

The IIG continued to investigate transportation 
information infrastructure issues through the NSTAC 
XXII cycle. As part of that effort, the IIG worked with 
Department of Transportation representatives to 
conduct outreach meetings with transportation 
industry associations to better understand intermodal 
transportation trends. The IIG also hosted another 
workshop on March 3 and 4, 1999, In Tampa, 

Florida, which included representation from each 
transportation sector. Participants discussed industry 
trends, including increased reliance on information 
technology and the rapid growth of intermodal 
transportation. Workshop findings were categorized 
Into four areas: 

(1) threats and deterrents, (2) vulnerabilities, 

(3) protection measures, and (4) infrastructure-wide 
issues. Based on the IIG’s final Transportation Risk 
Assessment Report, the NSTAC recommended that 
the President: 

► Continue support for the efforts of the 
Department of Transportation to promote 
outreach and awareness within the 
transportation infrastructure as expressed in 
P D D-63, Critical Infrastructure Protection. 

As part of the above recommendation, the NSTAC 
specifically recommended that the President and 
the Administration ensure support for the following 
activities: 
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► Timely dissemination of Government information 
on physical and cyber threats to the 
transportation industry; 

► Government research and development programs 
to design infrastructure assurance tools and 
techniques to counter emerging cyber threats to 
the transportation information infrastructure; 

► Industry/Government efforts to examine emerging 
industry-wide vulnerabilities such as those related 
to the Global Positioning System; and 

► Future Department of Transportation conferences 
to simulate intermodal and, where appropriate, 
inter-infrastructure information exchange on 
threats, vulnerabilities, and best practices. 

Following NSTAC XX, the IIG formed an Electronic 
Commerce (ECVCyber Security Subgroup to address 
two issues: the short-term, technical, and tIme-sensItIve 
issue relating to cyber security training and forensics; 
and the long-term, policy oriented, high-level Issue of 
fhe NS/EP implications of EC. In addressing fhe 
short-ferm issue, fhe subgroup found fhat indusfry and 
Government needed a stronger partnership to establish 
appropriate levels of trust and understanding and to 
foster cooperation in addressing cyber security issues. 
At the September 1998 NSTAC XXI meeting, the 
NSTAC approved the subgroup’s study paper along 
with the IIG report and made the following 
recommendation: 

► The President should direct the appropriate 
departments and agencies to continue working 
with the NSTAC to develop policies, procedures, 
techniques, and tools to facilitate industry/ 
Government cooperation on cyber security. 

To address the long-term issue, the IIG continued to 
investigate the NS/EP implications associated with 
the adoption of EC wifhin indusfry and Governmenf. 
The group focused ifs efforts on issues associated 
with the changing business and security processes 
and policies necessary to implement EC. The IIG’s 
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conclusions and recommendations were included in 
its June 1999 report to NSTAC XXII. Based on that 
report, the NSTAC recommended that the President: 

► In accordance with responsibilities and existing 
mechanisms established by E.O. 12472, 
Assignment of National Security and Emergency 
Preparedness Telecommunications Eunctions, 
designate a focal poinf for examining the NS/EP 
Issues related to widespread adoption of EC wlfhin 
fhe Governmenf; and 

► Direct Eederal departments and agencies, in 
cooperation with an established Eederal focal 
point, to assess the effect of EC technologies on 
their NS/EP operations. 

At the NSTAC XXI Executive Session, the U.S. 
Attorney General requested that the NSTAC and the 
DOJ work together to address cyber security and 
crime. The lES determined that the projects DOJ 
suggested should not be addressed by the NSTAC 
at large but agreed that the NSTAC could help 
facilitate a partnership between the DOJ and 
Individual corporations. 

This agreement resulted in a meeting on 
March 5, 1999, between the NSTAC chair and the 
Attorney General where they discussed the 
possibilities for industry and Government participation 
on mutually beneficial projects. These efforts 
ultimately resulted in DOJ’s Cyber Citizen program. 

Building on past NSTAC efforts in addressing lA and 
CIP issues, the IIG continued to coordinate with 
Eederal officials responsible for PDD-63 
implementation during the NSTAC XXII cycle. 
Specifically, In accordance with the PDD-63 
emphasis on public-private partnerships, IIG 
members focused on sharing the lessons and 
successes of NSTAC and offering it as a possible 
model for other infrastructures. 

Actions Resulting from NSTAC Recommendations 

NSTAC advice to the President and the 
Administration has had significant applicability to 
PDD-63 implementation. PDD-63 directs Eederal 
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lead agencies to identify infrastructure sector 
coordinators within industry to provide perspective 
on CIP programs. At NSTAC XXI in September 
1998, the NSTAC concluded that more than one 
entity or sector coordinator wouid be required to 
represent the diverse information and 
communications sector. In February 1999, following 
lES outreach to the Administration on the issue, the 
Department of Commerce acfed in concert with 
NSTAC advice and selected three industry 
associations to serve as sector coordinators for the 
information and communications sector. 

PDD-63 also calls for fhe privafe sector to explore 
the feasibility of establishing one or multiple ISAC. On 
the basis of the December 1997 NSTAC 
recommendation regarding a cross-infrastructure 
National Coordinating Mechanism, lES representatives 
engaged in a dialogue with senior Administration 
officials on the prospects of creating multiple 
infrastructure-based ISACs. That dialogue was 
important to the eventual decision to establish the 
National Coordinating Center for Telecommunicafions 
as an ISAC for telecommunicafions. 

Einally, PDD-63 emphasizes the importance of 
relying on nonregulafory solufions to address 
infrastructure vulnerabilities. In satisfying fhis 
objecfive, the Administration underscored the value 
of promoting industry standards and best practices 
to improve lA. That approach is consistent with and 
follows on the December 1997 NSTAC XX 
recommendation regarding the creation of a private 
sector Information Systems Security Board. 
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Reports Issued 

Information Assurance Task Force Report, March 1997. 

Electric Power Information Assurance Risk Assessment Report, 
March 1997. 

Information Infrastructure Group Report, December 1997. 

Financial Services Risk Assessment Report, December 1997. 

Interim Transportation Information Risk Assessment Report, 
December 1997. 

Cyber Crime Point Paper, December 1997. 

Information Infrastructure Group Report, September 1998. 

Cyber Security Training and Forensics Issue Paper, 

September 1998. 

Information Infrastructure Group Report, June 1999. 

Transportation Information Infrastructure Risk Assessment 
Report,\\ine 1999. 

Report on NS/EP Implications of Electronic Commerce, 

June 1999. 
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Information Sharing/Critical 
Infrastructure Protection 

Investigation Group / Period of Activity 

Information Sharing/Critical Infrastructure Protection 
Task Force (IS/CIPTF) 

September 1999 - March 2002 

National Plan to Defend Critical Infrastructures 
Task Force (NPTF) 

June 2001 - September 2001 

Issue Background 

In investigating Information Assurance issues, the 
NSTAC worked ciosely with the President’s 
Commission on Critical Infrastructure Protection and 
other Federal organizations concerned with 
examining physical and cyber threats to the Nation’s 
critical infrastructures. Federal efforts in this arena 
culminated with the release of presidential policy 
guidance—Presidential Decision Directive (PDD) 63, 
Critical Infrastructure Protection, May 22, 1998. 
Subsequently, PDD-63 implementation became a 
focal point for NSTAC activities. 

Following a reevaluation of NSTAC subgroups in 
September 1999, the lES created the IS/CIPTF to 
address information sharing issues associated with 
critical infrastructure protection (CIP). Specifically, 
the lES directed the task force to, among other 
things, continue interaction with Government leaders 
responsible for PDD-63 implementation, and 
examine mechanisms and processes for protected, 
operational information sharing that would help 
achieve the goals of PDD-63. 

At NSTAC XXIV, the National Coordinator for Security, 
Infrastructure Protection, and Counter-terrorism 
requested the NSTAC’s assistance in developing the 
Administration’s National Plan for Critical Infrastructure 
Protection. The NSTAC’s lES established the NPTF to 
draft a response to the National Coordinator’s 
request. Subsequently, NPTF leadership met with 
National Security Council and Critical Infrastructure 
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Assurance Office (CIAO) staff to discuss approaches 
for providing input to the national plan. The chosen 
approach focused on providing input on capabilities 
for national information sharing, analysis, and 
dissemination to counter cyber threats. 

History of NSTAC Actions and Recommendations 

Building on outreach work conducted by the NSTAC 
Information Infrastructure Group during the NSTAC XXII 
cycle (see the Information Assurance section in this 
NSTAC Issue Review), the IS/CIPTF continued to provide 
input to the Director, CIAO, on the National Plan for 
Information Systems Protection (Version 1.0). This plan was the 
first major element of a more comprehensive effort by 
the Federal Government to protect and defend the 
Nation against cyber vulnerabilities and disruptions. 

The IS/CIPTF members shared industry concerns and 
developed a dialogue with the Government that helped 
to shape the plan. In its May 2000 report to NSTAC 
XXIII, the IS/CIPTF provided NSTAC-recommended 
input to the plan regarding the National Coordinating 
Center for Telecommunications (NCC) as the 
Information Sharing and Analysis Center (ISAC) for the 
telecommunications industry. 

In parallel with its work associated with the National 
Plan for Information Systems Protection (Version 1.0), and as 
part of continuous efforts to share NSTAC expertise 
with industry and Government, the IS/CIPTF 
monitored the development of the Partnership for 
Critical Infrastructure Security. The Partnership is an 
industry/Government effort to raise awareness about 
critical infrastructure security and facilitates industry 
participation in the national process to address CIP. 
Through individual NSTAC member company 
participation, the NSTAC shared expertise, 
successes, lessons learned, and experiences to 
further facilitate the development of the Partnership 
in support of PDD-63 objectives. 

The IS/CIPTF also examined mechanisms and 
processes for protected, operational information 
sharing that would help achieve the goals of 
PDD-63 and further the role of the NCC as an ISAC 
for telecommunications. (See the Industry/ 
Government Information Sharing and Response 
section in this NSTAC Issue Review for a discussion of 
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how the NSTAC’s support for the evolving role of fhe 
NCC helped pave fhe way for the establishment of 
the NCC as an ISAC for telecommunications). 

Specifically, fhe task force examined fhe NCC's 
historical experiences to determine how and what 
information is shared and the utility of information 
sharing for industry and Government. As part of fhe 
sfudy, the IS/CIPTF examined the NCC's Year 2000 
(Y2K) experiences for lessons learned fhaf could 
benefif infrastrucfure profecfion efforfs. The fask 
force also idenfified benefits of informafion sharing to 
both industry and Government. 

The IS/CIPTF also requested that the NSTAC’s 
Legislative and Regulatory Working Group (LRWG) 
examine the Freedom of Information Act {FO\A) as a 
potential impediment to information sharing and 
report its findings to the task force. The LRWG's work 
provided the task force with the background 
necessary to voice industry concerns about the need 
for legal provisions to protect critical infrastructure 
protection-related information from disclosure. 

The IS/CIPTF documented its findings in its report to 
NSTAC XIII in May 2000. The IS/CIPTF concluded 
that historical and Y2K experiences demonstrate 
information sharing to be a worthwhile effort; 
however, for widespread information sharing over an 
extended period of time to take place, legal, 
operational, and perceived impediments must be 
overcome. Based on the IS/CIPTF’s report, the 
NSTAC recommended that the President: 

► Support legislation similar to the Y2KInformation and 
Readiness Disclosure ActtUat would protect CIP 
information voluntarily shared with the appropriate 
departments and agencies from disclosure under 
FOIA and limif liability. 

At the May 16, 2000, NSTAC XXIII Meeting, a 
Government request was made for industry advice 
and recommendations for revision of the National Plan 
for Information Systems Protection. During the NSTAC XXIV 
cycle, the IS/CIPTF developed a response based on 
the NSTAC’s experience with proven processes for 
industry and Government partnership at the 
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technical, operational, and policy levels. Specifically, 
the task force documented NSTAC findings related to 
the three broad objectives of Version 1.0 of the 
national plan—Prepare and Prevent, Detect and 
Respond, and Build Strong Foundations—that 
should be reflected in Version 2.0 of the plan. In 
addition, the task force proposed that a new broad 
objective—International Considerations—be included 
in the plan’s Version 2.0. The NSTAC approved the 
response, and forwarded it to the President. This 
information was also shared with the Information and 
Communications (l&C) Sector Coordinators: the U.S. 
Telecom Association, the Telecommunications 
Industry Association, and the Information Technology 
Association of America; and the l&C Sector Liaison, 
NTIA. The information was subsequently included in 
the l&C Sector Report that NTIA forwarded it to the 
President in April 2001. 

During the NSTAC XXIV cycle, the IS/CIPTF also 
continued to address barriers to sharing CIP-related 
information, including possible law enforcement 
restrictions on industry sharing network intrusion 
data with ISACs or similar information sharing 
forums. The task force requested that the NSTAC 
and Government Network Security and Information 
Exchanges (NSIE) assist in investigating this issue. 

The NSTAC NSIE representatives reported that, 
historically, they had not discussed intrusions into 
their networks and systems with anyone else after 
reporting them to law enforcement because case 
agents had told them that doing so might 
compromise the investigation of their cases. In 
working with the Department of Justice, the NSIEs 
found that although common practice discourages 
victims of such crimes from sharing information, no 
laws or policies prohibit victims from discussing 
crimes against them even after they have reported 
them to law enforcement. To address the situation, 
the Chief, Computer Crime and Intellectual Property 
Section, Department of Justice, agreed to work with 
the law enforcement community to implement 
policies that encourage victims to share such 
information, and to educate victims on those policies. 
The NSIEs concluded that it would be necessary for 
the private sector to ensure that personnel 
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interacting with law enforcement on such cases are 
aware that they are permitted and encouraged to 
share this information for network security purposes 
using appropriate mechanisms. 

At the June 6, 2001, NSTAC XXIV meeting, the 
National Coordinator requested the NSTAC’s 
assistance in developing the Bush Administration's 
National Plan for Critical Infrastructure Assurance. At that 
meeting. Federal officials also briefed a new national 
initiative for Information sharing and dissemination, the 
Cyber Warning Information Network (CWIN), to the 
NSTAC as part of the discussion on national 
information sharing capabilities. The lES formed the 
NPTF to discuss the proposed CWIN and develop 
further Input to the national plan. The NPTF held 
discussions with members of the Government’s CWIN 
Working Group to gain a better understanding of the 
CWIN initiative. The NSTAC input to the national 
plan—based on the NPTF work—included an 
industry-based assessment of a national information 
sharing, analysis, and dissemination capability for 
addressing “cyber crises.” The assessment considered 
CWIN as a part of that larger national capability. 

The NSTAC’s input focused on the need for a 
recognized, authoritative, national-level capability to 
disseminate warnings and facilitate response and 
mitigation efforts for cyber crises across the Nation’s 
infrastructures. The NSTAC also concluded that key 
elements of such a capability spanning public and 
private sectors should include information collection 
and sharing, information analysis, dissemination of 
alerts and warnings, and post-event analysis. 

The NSTAC recognized that conceptualizing the 
architecture for a national capability for addressing 
cyber crises is a complex undertaking. Before a 
national capability can become fully operational, 
industry and Government must address—individually 
and in collaboration—numerous policy, legal, 
financial, operational, and technical issues. 
Nevertheless, the NSTAC clearly determined that the 
ISACs should be leveraged by both industry and 
Government in building such a national capability 
and should serve as the Government’s primary 
means of interface with industry. In addition, the 
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NSTAC determined that industry and Government 
should develop communications mechanisms to link 
the ISACs to each other as well as with Government. 
The NSTAC also found fhat infrastructures should 
consider alternative means for communicating 
during emergencies as appropriate to the sector. For 
example, the telecommunications Industry developed 
an alerting and coordination mechanism, which 
connects key elements of the sector and provides 
reliable and survivable communications in the event 
other communications mechanisms are unavailable 
or requirements warrant its use. The NSTAC 
forwarded its report containing input on the national 
plan to the President in November 2001. 

Reports Issued 

Information Sharing/Critical Infrastructure Protection 
Task Force Report, May 2000. 

The NSTAC's Response to the National Plan, April 2001. 

Information Sharing for Critical Infrastructure Protection 
Task Force Report, June 2001. 

The NSTAC’s Input to the National Plan: An Assessment of 
Industry's Role in National Level Information Sharing, Analysis, 
and Dissemination Capabilities for Addressing Cyber Crises, 
November 2001. 
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Intelligent Networks 

Investigation Group / Period of Activity 

Intelligent Networks (IN) Task Force 

August 1989 - October 1991 

Issue Background 

The Telecommunications System Survivability 
Task Force selected IN as one of five study topics 
focused on determining the effect of new 
technologies on telecommunications systems 
survivability. In June 1989, the NSTAC charged the 
lES with continuing the intelligent network effort on 
an interim basis pending review by the lES PWG. 
Upon PWG recommendation that intelligent networks 
become a full task force, the lES established the IN 
Task Force in August 1989. 

NSTAC XI extended the activities of the IN Task 
Force until NSTAC XII, December 13, 1990. To meet 
its charge, the task force worked with the OMNCS to 
derive a set of desired NS/EP user features and 
compared them with intelligent network services. The 
task force defermined fhe advanfages and 
disadvantages of identified infelligent nefwork 
services for NS/EP felecommunications, including 
interoperability considerations. The lES extended the 
IN Task Force until NSTAC XIII to allow the OWG to 
work with the task force and fhe OMNCS to refine fhe 
recommendafions in the task force final report. 

The IN Task Force presented its final reporf and 
recommendafions af the November 1990 lES 
meeting. The lES referred the report to the lES OWG 
for evaluation. The OWG’s New Technology Panel 
developed an executive report on I Ns in response to 
the lES charge to evaluate and refine fhe conclusions 
and recommendations of the IN Task Force Final Report. 
NSTAC XIII directed the lES to disband the IN Task 
Force. In its Executive Report to the President, 

NSTAC offered to provide additional support to assist 
the Government in meeting the challenges of 
intelligent networks. 


2006-2007 NSTAC Issue Review ► PREVIOUSLY ADDRESSED ISSUES 


History of NSTAC Actions and Recommendations 

At NSTAC XIII, October 3, 1991, the NSTAC approved 
the following recommendafion to the President in the 
IES Executive Report on Intelligent Networks: 

► The Government should establish an IN Program 
Office to ensure advantages of evolving infelligenf 
networks are incorporated into planning for and 
procuremenf of Governmenf NS/EP 
telecommunications. 

Actions Resulting from NSTAC Recommendations 

The OMNCS established an Advanced Intelligent 
Networks (AIN) Program Office in ifs Office of Plans 
and Programs. The primary objecfives of the AIN 
Program Office are to: 

► Identify AIN service needs for NS/EP 
telecommunications; 

► Determine the current status and planned 
capabilities of AIN fechnology; 

► Demonstrafe AIN capabilities supporting NS/EP 
requirements; 

► Assess the status of AIN sfandards activifies; and 

► Develop and implement a strategy for influencing 
the direction of AIN standards. 

The AIN Program Office awarded a 5-year AIN NS/EP 
confract to Bellcore to provide a mechanism for 
collecting IN and AIN data, analyzing new technology 
developments, and demonstrating AIN-based 
applications. By meeting those objectives and obtaining 
pertinent information from Bellcore, the OMNCS will 
help ensure NS/EP telecommunications users benefit 
from fhe evolving AIN technology. 

Reports Issued 

The IN Task Force Final Report: The Impact of IN on NS/EP 
Telecommunications, November 7,1990. 

The Industry Executive Subcommittee: Executive Report on IN, 
Octobers, 1991. 
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International Diplomatic 
Telecommunications 


Reports Issued 


IDT Task Force Interim Report to lES, January 16,1984. 


Investigation Group / Period of Activity 


IDT Task Force Final Report, March 15,1984. 


International Diplomatic Telecommunications (IDT) 

Task Force 

September 1983 - December 1984 

Issue Background 

National Security Decision Directive (NSDD) No. 97 
stipulates that U.S. Government missions and posts 
overseas must have the required telecommunications 
facilities and services to satisfy the Nation’s needs 
during international emergencies. The National 
Communications System requested that the NSTAC 
advise the Department of State (DOS) on the 
vulnerability and risks inherent in overseas leased 
networks and offer remedial measures. On 
September 27, 1983, the NSTAC lES formed the IDT 
Task Force to study the issue and develop 
recommendations. 

History of NSTAC Actions and Recommendations 

In April 1984, the NSTAC forwarded the following 
recommendations on IDT to the President: 

► Review vulnerabilities and risks at overseas 
diplomatic posts using the guidelines established 
by the IDT Task Force; and 

► Establish a DOS point of contact to serve the 
telecommunications needs of foreign missions 
operating in the United States. 

The NSTAC also instructed the lES to assist the DOS 
in determining the feasibility of using 
telecommunications resources owned by U.S. 
industries to support diplomatic requirements during 
international emergencies. 
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International National Security 
and Emergency Preparedness 
Telecommunications 

Investigation Grou[i / Period of Activity 

Ad Hoc Group of the Industry Executive Subcommittee (lES) 
Plans Working Group (PWG) 

July 1990-March 1991 

Issue Background 

Effective worldwide communications directly 
influences the Nation’s ability to promote its national 
security interests in the global arena and to meet its 
international responsibilities. Changes In the 
international environment will profoundly affect the 
telecommunications capabilities needed to support 
the U.S. NS/EP posture. Significant changes In the 
international telecommunications Industry-Eastern 
European modernization, U.S. carrier involvement In 
other countries, and development of new technologies 
and international standards will also affect the means 
for providing the requisite capabilities. 

During the last few years, the industry/Government 
NS/EP telecommunications planning community 
demonstrated increasing interest in and concern 
about the international dimensions of NS/EP 
telecommunications. After considering a variety of 
potential problem areas, the ad hoc group concluded 
that although modern telecommunications 
technologies are increasingly capable of supporting 
NS/EP needs. Inadequate planning for using such 
technologies might impede the President’s ability to 
effectively react to international events. 

The ad hoc group recommended to the 
October 24, 1990, PWG meeting that it form a 
task force to: 

► Identify and assess the biggest problem areas 
affecting future U.S. international NS/EP 
telecommunications capabilities; and 
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► Develop recommendations for an U.S. international 
NS/EP telecommunications plan of action using 
both Government and private sector 
telecommunications resources and capabilities to 
meet evolving U.S. international NS/EP 
telecommunications needs. 

The PWG concluded that the ad hoc group needed to 
refocus the issue and directed it to review the 
international NS/EP telecommunications issue again 
with a sharper focus of the original charge. The ad hoc 
group met several times and presented a revised set of 
proposed task force charges at the March 6, 1991, 
PWG Meeting. The PWG concluded that an 
International task force was not warranted, but that the 
PWG Chair should send a letter to the Deputy Manager, 
NCS, advising of the ad hoc group’s findings and 
gauging NSTAC’s willingness to address the 
international issue if requested by the Government. The 
Deputy Manager, NCS, forwarded a copy of the PWG 
Chair’s letter to NCS principals to convey the PWG’s 
willingness to assist the Government in its effort to 
enhance overseas NS/EP communications. 

Reports Issued 

Ad Hoc International Group of the lES Plans Working Group, 
International National Security and Emergency Preparedness 
Telecommunications Issue, October 1990. 
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Last Mile Bandwidth Availability 

Investigation Group / Period of Activity 

Last Mile Bandwidth Availability Task Force (LMBATF) 

January 2001 - March 2002 


Issue Background 

At the 23rd meeting of the President’s NSTAC on 
May 16, 2000, the Deputy Secretary of Defense, and 
the Manager, NCS, addressed the inabiiity of the 
Nation's miiitary and national security organizations 
to obtain the timely provisioning of high-bandwidth 
circuits at the local level, referred to as the “last 
mile.” Subsequently, in an October 2000 letter to the 
NSTAC Chair, the NCS Manager asked the NSTAC to 
recommend what the Government could do to 
expedite the provisioning of “last mile” bandwidth or 
mitigate the provisioning periods for such services. 

After scoping the key issues in coordination with 
Government, the NSTAC's lES formed the LMBATF at 
its January 18, 2001, Working Session. The task 
force was to examine the root causes of the 
provisioning periods, how the Government might 
work with industry to reduce provisioning times or 
otherwise mitigate their effects, and what policy- 
based solutions could be applied to the provisioning 
of high-bandwidth circuits for NS/EP services. The 
task force included broad representation of NSTAC 
member companies and NCS departments and 
agencies. During the remainder of the NSTAC XXIV 
cycle, the LMBATF gathered data from both industry 
organizations and the Federal Government regarding 
their experiences with provisioning at the local level. 
The task force also solicifed input from 
telecommunications service providers on the 
processes for provisioning at the local level and the 
factors affecting provisioning periods. Based on the 
input, the LMBATF agreed that the scope of the 
study should apply to non-universally available 
services throughout the United States, including fiber 
optics, T1 and T3 lines, integrated services digital 
network and digital subscriber line technologies. 
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History of NSTAC Actions and Recommendations 

The LMBATF concluded its analysis of the “last mile” 
provisionings during the NSTAC XXV cycle and 
presented its findings and recommendations in the 
M a rc h 2002 "Last Mile" Bandwidth A vailability Task Force 
Report at NSTAC XXV. The task force found thaf the 
provisioning periods for high-bandwidth services in 
the “last mile” are affected by a combination of 
complex factors, such as intricate legislative, 
regulatory, and economic environments; challenging 
site locations; and contracting policies and 
procedures. Furthermore, while the 
Telecommunications Act of 1996 sought to encourage 
competition, many carriers, both incumbent and 
competitive, are dissatisfied with the results. This, 
combined with a high level of marketplace uncertainty, 
has reduced infrastructure investment by incumbents 
and competitors alike. 

The task force also concluded that current 
Government contracting arrangements also create 
difficulties. In many instances, contracts are only 
vehicles for ordering services and do not represent a 
firm commitment on the part of the Government to 
purchase a service. Because such commitments are 
not in place, the carrier cannot be assured of 
recovering ifs infrastructure investment. Furthermore, 
when the business case warrants such investment, 
carriers are limited by contracts’ failure to list the sites 
to be served or the types and quantities of services to 
be provided. Problems also occur because 
Government contracts legally bind the prime contractor 
but make no explicit demands on subcontractors on 
which the prime contractor depends. 

The Government is adversely affected by funding 
cycles that do not coincide with the time needed to 
obtain high-bandwidth services. Funding is not 
allocated until the user identifies an immediate need 
and obtains approval. However, the deployment of 
high-bandwidth infrastructure often requires years of 
planning and coordination for allocafing capital, 
obtaining rights-of-way authority, and installing 
service facilities. The imperfect intersection of these 
inherently mismatched processes often results in 
lengthy provisioning periods. 
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The negative consequences of the funding process 
are often exacerbated by a fragmented management 
structure. In many cases, project managers are 
responsible for separate portions of the network, with 
no single entity responsible for planning or monitoring 
the provisioning of end-to-end service. Overall project 
management Is vital to effective network deployment, 
systems integration, and achievement of project 
goals. Because telecommunications services are 
provided by a multitude of companies, users must 
track service orders and manage the network from a 
centralized perspective. 

The task force also studied whether the TSP System 
can be used to expedite “last mile" provisioning 
requests because TSP provisioning assignments are 
used by the NS/EP community to facilitate the 
expedited installation of telecommunications circuits 
that otherwise could not be installed within the 
required time frame. Although TSP seems to be an 
applicable solution for many NS/EP “last mile” 
bandwidth requests, TSP provisioning assignments 
can only be applied to services originating from new 
business requirements. Therefore, TSP provisioning 
cannot be used to replace or transfer existing services, 
such as those associated with the contract transition. 
Einally, TSP cannot be used to make up for time lost 
because of inadequate planning or logistical 
difficulties. According to these parameters, many “last 
mile” provisioning requests are not eligible for the TSP 
System, even if the requested service could be used 
for executing an agency’s NS/EP mission. An 
alternative for meeting Government organizations’ 
service requirements may be the implementation of 
alternative technologies to fulfill bandwidth 
requirements on a temporary or permanent basis. 

Based on this analysis, the LMBATF report 
recommended that the President, in accordance with 
responsibilities and existing mechanisms established 
by Executive Order (E.O.) 12472, Assignment of National 
Security and Emergency Preparedness Telecommunications 
Functions and other existing authority: 


The President’s National Security Telecommunications Advisory Committee 


► Direct the appropriate departments and agencies, 
in coordination with industry, to reevaluate their 
communications service contracting and 
purchasing procedures and practices and take 
action to: 

• Provide sufficient authority and flexibility to 
meet their needs, consistent with current 
conditions 

• Allow long lead-time ordering and funding 
commitments based on projected 
requirements 

• Allow infrastructure funding where necessary 
for anticipated future needs or to accelerate 
installation so that customer requirements 
can be met 

• Share or assume risk for new service capital 
investment to ensure timely delivery 

• Allow and provide for performance incentives 
for all performing parties: industry and 
Government, organizational and individual 

• Require end-to-end project management of 
communications service ordering and delivery. 

► Direct the Federal Government Chief Information 
Officers Council to propose, and assist in 
implementing, improved Government contracting 
practices for communications services that will 
enhance the availability of broadband services for 
the “last mile.” 

In support of the recommendations, NSTAC “Last 

Mile" Task Force Report also suggested that both industry 

and Government encourage: 

► Government contracting officers to engage all 
industry and Government representatives in joint 
planning sessions; 

► Industry representatives to work with Government 
contracting officers in joint planning sessions; 
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► Use of a contract structure that makes all carriers 
involved in the delivery of the service parties to 
the contract with direct accountability to the 
Government contracting entity; and 

► Contracting practices that require end users to 
identify requirements and to communicate future 
needs to network providers. End users and 
network providers should jointly identify 
complicating factors and discuss alternatives. 

Finally, the NSTAC “Last Mile” Bandwidth Availability Task 

force ffe/jorfencouraged Government to: 

► Establish realistic service requirements and 
timelines and select the service options that meet 
its needs with acceptable risk; 

► Convene a working group consisting of industry 
and Government stakeholders in the provisioning 
process to develop and recommend a streamlined 
approach to all aspects of the process, including 
planning, ordering, and tracking. The resulting 
proposal should be comprehensive, simplifying 
steps and organizations as much as possible; 
should share information appropriately at all 
points; and should support flexibility in meeting 
end-user needs. The working group should give 
strong consideration to a single Government 
database to support the process and a single 
point of contact, such as a phone number or an 
e-mail address, to ensure accuracy of information 
and provide exception handling; and 

► Establish or contract for project managers who have 
all necessary management control tools at their 
disposal; access to pertinent information; and 
experience, responsibility, and authority for obtaining 
and overseeing delivery of the end-to-end service. 

The LMBATF concluded its activities upon NSTAC 

approval of its report. 
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Reports Issued 

“Last Mile" Bandwidth Availability Task Force Report 
to NSTAC XXV, March 2002. 
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National Coordinating Mechanism 

Investigating Group / Period of Activity 

National Coordinating Mechanism (NCM) Task Force 

December 1982 - No vember 1984 


Issue Background 

The President’s National Security Telecommunications 
Advisory Committee (NSTAC) recognized the need to 
establish a mechanism for coordinating industry and 
Government responses to the Government’s national 
security and emergency preparedness (NS/EP) 
telecommunication service requirements in the 
post-divestiture environment. As a result, NSTAC formed 
the NCM Task Force in December 1982, and charged it 
to identify and establish the most cost-effective 
mechanism to coordinate industry-wide responses to 
NS/EP telecommunications requests. 

History of NSTAC Actions and Recommendations 

The NSTAC forwarded a series of NCM 
recommendations to the President in 1983 and 1984. 
The National Coordinating Center (NCC) Is the most 
significant result of these recommendations. Established 
on January 3, 1984, the NCC is a joint industry/ 
Government operations center that supports the Federal 
Government’s NS/ EP telecommunication requirements. 

Actions Resulting from NSTAC Recommendations 

The Telecommunications Systems Survivability (TSS) 
Task Force reviewed Government actions taken on the 
NSTAC’s NCM recommendations and concluded that 
the NCM recommendations were carried out promptly 
and effectively. The task force recommended 
continuing NCS member organizations’ representation 
in the NCC, and continuing Government dissemination 
of NS/EP information. The NSTAC approved the TSS 
Task Force’s findings and recommendations on the 
NCM and forwarded them to the President on 
September 22, 1988. 

The National Communications System member 
agencies’ representation in the NCC continues, as does 
the Government’s dissemination of NS/EP information. 


Please see the NCC section In the Active Issues section, 
as well as the Industry/Government Coordination and 
Response section in this NSTAC Issue Review for a fuller 
discussion of recent NCC actions. 

Reports Issued 

NCM Task Force Report, May 16,1983. 

NCM Implementation Plan (Final Report), January 30,1984. 
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National Information Infrastructure 

Investigation Group / Period of Activity 

National Information Infrastructure (Nil) Task Force 

August 1993 - March 1997 

Issue Background 

At the August 2, 1993, lES meeting, the Plans 
Working Group (subsequentiy reestabiished as the 
Issues Group) recommended that a task force be 
established to address NS/EP telecommunications 
issues related to the evolution of the U.S. information 
infrastructure. The lES established an Nil Task Force 
to provide a series of reporfs with recommendations 
to the President. The task force’s charge was fo: 

► Idenfify, in collaborafion with Government, 
potential dual-use applications of fhe Nil and 
recommend Government actions; 

► Identify potenfial NS/EP implicafions of the Nil 
and recommend Government actions; 

► As a minimum, address items identified by the 
Director, OSTP at NSTAC XV (for example, 
securify, resiliency, inferoperability, sfandards, 
and spectrum); 

► Advise Government on technical and other 
considerations that will accelerate 
commercialization of a nafionwide high speed 
network available to NS/EP users; and 

► As a minimum, address architectural, policy, 
and regulatory issues, along with those research 
and development focus areas, pilof/ 
demonstration projects, and civil/military 
telecommunications issues identified by OSTP 
and the National Economic Council. 

The task force relied on The National Information 
Infrastructure: An Agenda for Action, released by the 
administration on September 15, 1993, as a guide 
for its work. This document called for the NSTAC to 
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continue to offer advice to the President on NS/EP 
telecommunications issues, work with the Federal 
Communications Commission's Network Reliability 
Council (subsequently renamed the Network 
Reliability and Interoperability Council) and 
complement the work of the U.S. Advisory Council 
on the Nil. To better focus on ifs charge and 
coordinate with the Information Infrastructure Task 
Force and its committees, the Nil Task Force 
established three subgroups: the Policy Subgroup, 
the Applications Subgroup, and the Future 
Commercial Systems and Architecture Subgroup. 

The Policy Subgroup’s final report. Approach to 
Security and Privacy on the Nil, summarized the findings 
of fhe subgroup in network security. It made 
preliminary recommendations on ways to ensure 
that expansion and enhancement of fhe 
information infrastructure would be compatible 
with telecommunications security concerns. 

The Applications Subgroup assessed Nil 
applications that the Government was developing. 

In doing so, the subgroup developed criteria to 
select applications for increased emphasis. The 
subgroup made a number of recommendations 
related to developing dual-use applications. 

Additionally, the subgroup established an Emergency 
Plealth Care Information Focus Group to address 
health-care-specific issues for the Nil. The subgroup 
chose this application area as a model for examining 
importanf information infrastructure application 
issues, such as interoperability, privacy, and security. 

The final report of the Future Commercial Systems 
and Architecture Subgroup addressed the 
architectural principles and trends and NS/EP 
performance issues of fhe currenf and future Nil. It 
examined the Nil from fhe perspective of three major 
components: the public switched network, broadcast 
networks, and the Internet. 

Additionally, the Issues Group addressed the 
information infrastructure issue, working with the 
OSTP to develop plans for an Nil Symposium at the 
Naval War College (NWC), Newport, Rhode Island, 
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October 17 - 19, 1994. The Issues Group planned 
the symposium with the OSTP In response to an 
NWC Invitation to the NSTAC to participate in a 
communications-focused game designed to address 
the Nil. The NWC produced a non-attribution report 
for distribution to ali participants, and it is avaiiabie to 
any interested parties upon request. 

History of NSTAC Actions and Recommendations 

The task force presented its interim report at the 
NSTAC XVI Meeting on March 2, 1994. The report 
provides the background on the task force’s 
establishment, its activities and future direction, and a 
summary that includes a proposed statement for the 
NSTAC XVIExecutive Report. The statement reiterates the 
task force’s commitment to assisting the President in 
ensuring it satisfies NS/EP requirements on the Nil. 
The NSTAC approved both the report and the 
proposed statement for forwarding to the President. 

The task force presented an Nil Task Force Status Report 
at NSTAC XVII on January 12, 1995. The report 
discussed the work of the task force’s three 
subgroups—the Policy Subgroup, the Applications 
Subgroup, and the Future Commercial Systems and 
Architecture Subgroup. The status report also 
addressed the 12 recommendations culled from the 
individual subgroup reports. 

The task force presented its third report to NSTAC 
XVIII on February 28, 1996. The report included 
analysis and recommendations regarding three NS/ 
EP issues: 1) the need for an Nil Security Center of 
Excellence (SCOE), 2) the emerging Gil, and 
3) Emergency Health Care Information. The NSTAC 
approved forwarding recommendations to the 
President regarding the latter two issues. 

Following NSTAC XVIII, the lES charged the task 
force to further investigate the advisability of 
establishing a SCOE, henceforth referred to as the 
Information Systems Security Board (ISSB). The task 
force conceptualized the ISSB as a private sector 
entity that would promote information systems 
security principles and standards to improve the 
reliability and trustworthiness of information products 
and services. The task force developed the ISSB 
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Concept Paper, which outlined the functions and 
processes of the ISSB and served as the centerpiece 
for an outreach effort undertaken to ascertain the 
viability of the ISSB model. After contacting more 
than 100 major information technology companies, 
industry associations. Government agencies, and 
major information technology users, the Nil Task 
Force determined that there was broad support for 
the ISSB concept and that industry should take the 
lead in its formation. 

The task force presented its fourth and final report at 
NSTAC XIX on March 18, 1997. The report focused 
on the ISSB initiative and the NS/EP implications of 
the Gil. The NSTAC recommended the President 
endorse the private sector ISSB initiative. Lastly, the 
NSTAC approved a recommendation to sunset the 
Nil Task Force. 

Actions Resulting from NSTAC Recommendations 

The Information Technology Industry Council (ITIC) 
sponsored an effort to explore formation of the ISSB; 
the ITIC hosted the first meeting of this group on 
January 21, 1997. Following the meeting, the 
Information Security Exploratory Committee (ISEC), a 
consortium of interested stakeholders, met regularly 
to discuss the possibility of operationalizing the ISSB 
concept. The ISEC issued its report in January 1998 
in which it recommended that, although it supported 
the concept of the ISSB, studies revealed that 
establishment of such a board would be duplicafive 
of private endeavors. 

At the same time, however, the ISSB concept 
influenced the Clinton Administration’s policy on 
implementing Presidential Decision Directive 63, 
Critical Infrastructure Protection. Specifically, in an 
approach consistent with the NSTAC’s ISSB 
recommendation, the Administration’s Critical 
Infrastructure Assurance Office underscored the 
value of promoting industry standards and best 
practices to improve infrastructure assurance. 
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Reports Issued 

Nil Task Force Interim Report, February 1994. 
Nil Task Force Report, January 1995. 

Nil Task Force Report, February 1996. 

Nil Task Force Report, March 1997. 


107 



The President’s National Security Telecommunications Advisory Committee 


National Research Council Report 

Investigation Group / Period of Activity 

National Research Council (NRC) Report Task Force 

August 1989 - March 1990 

Issue Background 

In June 1989, the NSTAC noted that the NRC report, 
Growing Vulnerability of the Public Switched Networks (PSN): 
Implications for National Security Emergency Preparedness, 
differed from Telecommunications Systems 
Survivability Task Force findings. The NSTAC, 
therefore, charged the lES with examining those 
differences and reporting back in early 1990. In 
response, the lES formed the NRC Report Task Force 
and issued the following charges: 

► If it agreed with the NRC report, address what 
actions should be taken by industry to assist the 
Government in implementing the NRC's 
recommendations; 

► If it did not agree, give the reasons why and the 
factors bearing on the differing perspectives ot the 
lES and the NRC; and 

► Comment on the report's implications for 
interoperability. 

The task force issued its final report in March 1990. 

History of NSTAC Actions and Recommendations 

In March 1990, the NSTAC approved the findings of 
the NRC Report Task Force. Contrary to the NRC’s 
findings, the task force concluded the PSN was 
growing more survivable. This survivability stems from 
the increased network diversity provided by the 
existence of three major interexchange carriers, the 
increased user demand for network service availability, 
the deployment of robust network architectures, and 
the incorporation of advanced transmission, switching, 
and signaling technologies. The task force also noted 
that current technologies and competitive trends were 
enhancing network robustness. 
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Actions Resulting from NSTAC Recommendations 

The NRC Report Task Force agreed with some of the 
recommendations of the NRC report and believed 
that the issue of growing vulnerabilities of the PSN 
needed to be further addressed. Therefore, the lES 
established the Network Security Task Eorce. 

In 1991, the NRC report attracted considerable 
attention in Congress and at the ECC due to recurring 
outages of the PSN. The FCC established the Network 
Reliability Council on Eebruary 27, 1992, to make 
recommendations to the FCC on improving network 
reliability. The Network Reliability Council sponsored a 
symposium from June 10-11, 1993, in Washington, 
DC, on industry’s best practices for avoiding and 
minimizing the risk and impact of future telephone 
network outages. 

Reports Issued 

NRC Report Task Force Final Report, March 1990. 
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National Telecommunications 
Management Structure 

Investigation Group / Period of Activity 

National Telecommunications Management Structure 
(NTMS) Task Force 

August 1986-June 1989 


the southwest and northwest regions provided 
additional capability. The subcommittee also 
completed NTMS regional validations in Chicago, 
Illinois, during November 1992; in Atlanta, Georgia, 
during February 1993; and in Denver, Colorado, 
during April 1993. 

Reports Issued 

NTMS Implementation Concept (Final), November 1987. 


Issue Background 

On May 22, 1986, the NSTAC concurred with the 
Government that there was a need for a survivable 
and endurable management structure to support 
NS/EP telecommunications requirements, and agreed 
that industry and Government should work jointly to 
develop such a capability. As a result, the NSTAC 
established the NTMS Task Force in August 1986 and 
charged it with assisting in developing an NTMS 
implementation plan. 

History of NSTAC Actions and Recommendations 

On November 6, 1987, the NSTAC forwarded to the 
President its recommendation to approve the NTMS 
Implementation Concept The Executive Office of the 
President approved the concept on March 25, 1988. 
The NCS, opened the NTMS Program Office on 
June 17, 1988. During the week of July 12-15, 1988, 
the NCS conducted the NTMS trial exercise to 
determine the feasibility of the NTMS concept and 
funding requirements. The NCS successfully tested the 
National Telecommunications Coordinating Network 
concept September 27-29, 1988. The NCS completed 
the NTMS program plan in March 1989, and it is 
updated periodically. The NSTAC disbanded the NTMS 
Task Force on June 8, 1989. 

Actions Resulting from NSTAC Recommendations 

Through the NCC, industry provides advice and 
assistance in pursuit of NTMS operational capability. 

The NCS established the COR NTMS Subcommittee 
to assist in achieving NTMS initial operational 
capability. The NTMS program became operational 
with the implementation of the northeast region in 
October 1990. In September 1991, the activation of 
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Network Convergence 

Investigation Group / Period of Activity 

Network Group (NG) 

April 1997 - September 1999 

Information Technology Progress Impact 
Task Force (ITPITF) 

September 1999 - June 2000 

Convergence Task Force (CTF) 

June 2000-June 2001 

Network Security Vulnerability Assessments 
Task Force (NS/VATF) 

June 2001 - March 2002 

Next Generation Networks Task Force (NGNTF) 

May 2004 - May 2006 

Issue Background 

Telecommunications carriers are implementing 
cost-effective packet networks to remain competitive 
in the evolving telecommunications marketplace and 
to support wide-scale delivery of diverse, advanced 
broadband services. However, because of their large 
investments in circuit switched network infrastructure, 
carriers are initially leveraging the best of both 
infrastructures, resulting in a period of network 
convergence during the transition to the next 
generation network (NGN). In this evolving network 
environment, the President’s National Security 
Telecommunications Advisory Committee (NSTAC) 
recognizes that industry and Government must strive 
to identify and remedy associated network 
vulnerabilities to ensure sustained critical 
communications capabilities of the national security 
and emergency preparedness (NS/EP) community. 
Accordingly, the NSTAC established task forces to 
analyze various infrastructure, security, and 
operational vulnerabilities stemming from network 
convergence and to provide recommendations to 
mitigate the vulnerabilities. 
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History of NSTAC Actions and Recommendations 

Following NSTAC XXII in June 1999, the Industry 
Executive Subcommittee (lES) created the Information 
Technology Progress Impact Task Force (ITPITF) to 
examine the potential implications of Internet Protocol 
(IP) network and public switched network (PSN) 
convergence on existing NS/EP services (such as, 
the Government Emergency Telecommunications 
Service (GETS) and the Telecommunications Service 
Priority (TSP)) and to prepare for a Research and 
Development Exchange Workshop (RDX) focusing on 
network convergence Issues. 

The ITPITF analyzed issues related to GETS 
functionality In IP networks. The ITPITF determined 
that because IP networks do not have network 
intelligence features analogous to Signaling System 7 
(SS7), IP networks may not support activation of 
GETS access and transport control and features. 
Furthermore, without quality of service (QoS) features 
to enable priority handling and transport of traffic in 
IP networks, GETS calls may encounter new blocking 
sources and be subject to poor completion rates 
during overload conditions. The ITPITF concluded 
that as the NGN evolves, telecommunications 
carriers’ SS7 networks will become less discrete and 
more dependent on IP technology and interfaces. 
Therefore, it will be necessary to consider the 
security, reliability, and availability of the NGN control 
space related to the provision and maintenance of 
NS/EP service capabilities. 

In addition, the ITPITF analyzed potential Implications 
of convergence on TSP services. The ITPITF 
concurred with the oversight committee that TSP 
services remained relevant in converged networks, as 
TSP assignments could still be applied to identifiable 
segments of the PSN. However, because TSP applies 
only to circuit switched networks, a new program may 
be needed to support priority restoration and 
provisioning in end-to-end packet networks. 

The ITPITF also examined evolving network 
technologies and capabilities that could support 
NS/EP functional requirements in both converged 
networks and the NGN. The ITPITF concluded that 
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QoS and other new NGN capabilities would 
require some enhancement to best satisfy specific 
NS/EP requirements. 

Based on the ITPITF’s May 2000 report to NSTAC 
XXIII, the NSTAC recommended that the President, 
in accordance with responsibilities and existing 
mechanisms established by Executive Order (E.O.) 
12472, Assignment of National Security and Emergency 
Preparedness Telecommunications Functions, direct the 
appropriate departments and agencies, in coordination 
with industry, to: 

► Promptly determine precise functional NS/EP 
requirements for convergence and the NGN; and 

► Ensure that relevant NS/EP functional 
requirements are conveyed to standards bodies 
and service providers during NGN standards 
development and implementation. 

Additionally, the ITPITF recommended that the 
NSTAC XXIV work plan include an examination of the 
potential NS/EP implications related to possible 
security and reliability vulnerabilities of the control 
space in the NGN. 

On September 28-29, 2000, the President’s 
NSTAC co-sponsored its fourth RDX. The event was 
co-sponsored by the White House Office of Science 
and Technology Policy (OSTP) and conducted in 
conjunction with the Telecommunications and 
Information Security Workshop 2000 held at the 
University of Tulsa in Tulsa, Oklahoma. The purpose 
was to exchange ideas among representatives from 
industry. Government, and academia on the 
challenges posed by network convergence. 
Discussions of convergence issues at the workshop 
and the RDX led to the following conclusions: 

► There is a shortage of qualified information 
technology (IT) professionals, particularly those 
with expertise in information assurance and/or 
computer security; 


The President’s National Security Telecommunications Advisory Committee 


► Developing a business case for security poses 
difficult challenges in the commercial sector, and 
there is a need to offset the high costs and high 
risks associated with R&D in security technology; 

► Given the complexity and interdependence 
introduced to networks by convergence and the 
proliferation of network providers and vendors, 
best practices, standards, and protection profiles 
that help to ensure secure interoperable solutions 
must be evenly applied across the NGN; and 

► There is a need to enhance R&D efforts to develop 
better testing and evaluation programs to reduce the 
vulnerabilities introduced by malicious software. 

From these conclusions, the participants at the 

RDX offered several recommendations for 

consideration by the Government and the NSTAC. 

These recommendations focus on improving network 

security in a converged and distributed environment. 

Specifically, the Government should: 

► Establish and continue to fund Government 
programs to encourage increasing the number of 
graduate and undergraduate students pursuing 
study in computer security disciplines; 

► Increase the funding and support to the National 
Security Agency and other Government agencies 
to facilitate the certification of additional 
Information Assurance (lA) Centers of Excellence 
to train and educate the next generation of 
information technology security professionals; 

► Develop tax credits and other financial incentives to 
encourage industry to invest more capital in the 
research and development of security technologies; 

► Expand partnerships on critical infrastructure 
protection issues by encouraging more 
representatives from academia and State and 
local Governments to participate; and 


114 


The President’s National Security Telecommunications Advisory Committee 


► Invest in R&D programs that encourage the 
development of best practices in NGN security, such 
as improved testing and evaluation, broadband 
protection profiles, and NGN security standards. 

To support the Government, the NSTAC should: 

► Consider the issues of best practices and 
standards in its report to NSTAC XXIV; 

► Consider the evolving standards of due care legal 
issues discussed at the R&D Exchange, including 
linked or third party liability and new privacy 
legislation and regulations such as the Health 
Insurance Portability and Accountability Act; and 

► Conduct another RDX in partnership with one or 
more of the lA Centers of Excellence to discuss 
the difficulties in and strategies for both increasing 
the number of qualified IT security professionals 
and enhancing the academic curricula to meet the 
security challenges of the NGN. 

Beginning in September 2000, the Convergence Task 
Eorce (CTE) analyzed issues related to the potential 
security and reliability vulnerabilities of converged 
networks. Based on briefings received from industry 
and Government representatives, the CTE concluded 
that the public switched telephone network (PSTN) is 
becomingly increasingly vulnerable as a result of its 
convergence with packet networks. Of particular 
concern to the CTE was the interoperation of the 
intelligent network of the PSTN with IP networks via 
existing gateways. The CTE noted that malicious attacks 
on these gateways could impact overall network 
availability and reliability. Members suggested that 
possible remedies for these vulnerabilities include 
signaling firewalls implemented at network gateways 
and embedded security capabilities defined through 
standards. The CTE determined that additional analysis 
of these security vulnerabilities is required to gain 
further understanding of the possible consequences of 
the evolving NGN. Such an analysis should include 
examination of the convergence of wireless data 
networks with the PSTN. 
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Furthermore, it was agreed that the NGN must offer 
the NS/EP community quality of service, reliability, 
protection, and restoration features analogous to those 
of the PSTN. To achieve this, the CTE suggested that 
Government foster strong working relationships with 
NGN carriers and work to specify security requirements 
in packet network procurements in an effort to attain 
network reliability commensurate with that of the PSTN. 

In response to concerns expressed by prominent 
Government officials, the CTE also examined issues of 
possible single points of failure in converged networks 
and associated possibilities of widespread network 
disruptions. Through examination of related past NSTAC 
reports and participation in a National Coordinating 
Center for Telecommunications single point of failure 
exercise, the CTE members determined that a scenario 
could not be envisioned, even in the converged network 
environment, in which a single point of failure could 
cause widespread network disruption. Members found 
it more likely that any single points of network failure 
would have only local or “last mile" impacts. However, 
the CTE concluded that unforeseen points of failure 
precluded definitive assertions regarding the 
implausibility of a national level network failure. The 
CTE also found that converged network vulnerabilities 
and possible points of failure could impact service 
availability and reliability essential to NS/EP 
operations rather than creating network component 
failures. Members suggested sharing detailed 
network data among industry, Government, and 
academia was needed to further understand 
converging networks and achieve more accurate 
network modeling and simulation techniques to 
analyze vulnerabilities and their impacts. 

The GTE also examined the ongoing standards 
development efforts supporting NS/EP priority 
requirements in the converged network. Group 
members concluded that, as the NGN evolves to offer 
more advanced broadband services, the Government 
must remain actively involved in the relevant 
standards bodies’ activities to help define and ensure 
the consideration of NS/EP requirements in the IP 
environment. The GTE further encouraged the 
Government to remain actively involved in working 
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group activities reiated to NS/EP issues including the 
Internet Engineering Task Eorce and the International 
Telecommunications Union. 

Based on the CTE’s June 2001 report to NSTAC XXIV, 
the NSTAC recommended that the President direct 
the appropriate departments and agencies, in 
coordination with industry, to: 

► Specify network security, service level, and 
assurance requirements in contracts to help 
ensure reliability and availability of NS/EP 
communications during network convergence 
and in the developing NGN; 

► Ensure that standards bodies consider NS/EP 
communications functional requirements during 
their work addressing network convergence 
issues, including security of PSTN-IP network SS7 
control traffic and development of packet network 
priority services; 

► Plan and participate in additional exercises 
examining possible vulnerabilities in the emerging 
public network (PN) and subsequent NS/EP 
implications on a national and international 
basis; and 

► Utilize the Telecom-ISAC to facilitate the process of 
sharing network data and vulnerabilities to develop 
suitable mitigation strategies to reduce risks. 

Additionally, the GTE recommended that the NSTAC 
XXV work plan include the following tasks: 

► Examine the NS/EP security and reliability 
implications of the convergence of wireless 
data networks with the PSTN and traditional 
wireless networks; 

► Support the efforts of the Government Subgroup 
on Convergence as requested by the Government 
in accordance with NSTAC’s charter; and 
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► Further examine converged network control 
space-related vulnerabilities, including those of 
signaling and media gateways, and analyze 
possible NS/EP Implications. 

Following NSTAC XXIV in May 2001, the lES formed 
the Network Security/Vulnerability Assessments Task 
Force (NS/VATF) and charged the group to address 
public network policy and technical issues related to: 

► Network disruptions, particularly distributed denial 
of service (DDoS) attacks; 

► Security and vulnerability of the converged 
network control space, including wireless, network 
simulation and testing, standards, and 
consequence management issues; and 

► Needed countermeasures {e.g., functional 
requirements) to address the issues above. 

The NS/VATF noted that the September 11, 2001, 
terrorist attacks on the World Trade Center and the 
Pentagon have renewed concerns regarding physical 
threats to the PN. While the telecommunications 
infrastructure had not been a direct target of 
terrorism, it could be in the future. Therefore, the 
NS/VATF concluded that Federal, State, and local 
Government assistance related to preventing, 
mitigating, and responding to such an occurrence 
should be coordinated through the Telecom-ISAC. 

In addition to the enduring physical threat to the 
Nation’s networks, the NS/VATF concluded that cyber 
attacks present a growing threat to the security of 
U.S. information systems and, consequently, to the 
critical communications of the NS/EP community. 

As cyber network attack techniques increase 
in sophistication and intruders continue using 
DDoS techniques to exploit vulnerabilities, cyber 
attacks will likely cause greater collateral Impacts 
to NS/EP communications. Because of this threat 
environment, the NS/VATF concluded that industry 
and Government should continue participating 
in ISACs to develop and implement unified and 
centralized capabilities to respond to attacks as they 
are occurring. 
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The NS/VATF also concluded that additional steps are 
necessary to enhance the security of the controi 
space of the evoiving PN. As network convergence 
continues, maiicious attacks focusing on the network 
control space are increasingly feasible; therefore, 
industry and Government cooperation is necessary to 
address control space vulnerabilities and implement 
remedial tools. The NS/VATF also encouraged 
industry and Government support of the NSIE efforts 
to develop a cross-industry security posture that 
could help provide a foundation for protecting the 
control space of the emerging PN. 

The NS/VATF also expressed concern about security 
issues affecting NS/EP communications transiting 
wireless networks and technologies, including the 
security of the interoperation of wireless and wireline 
networks—and, more specifically, activities 
addressing the wireless access protocol. 

The task force also concluded that Government 
should deploy wireless local area networks with 
higher levels of security and consider policies that 
would reduce the risks of using personal area 
network devices. 

On the basis of its analysis, the NS/VATF stated that 
some of the best strategies for countering 
vulnerabilities of the critical telecommunications 
infrastructure involved: 

► Increasing Government participation in standards 
bodies, and developing a coordinated Government¬ 
wide approach to standards development; 

► Specifying security standards in contracts and 
purchase orders. This process would result in 
more commercial off-the-shelf products and 
services, which the Government can then procure 
at reduced cost; and 

► Increasing stakeholder awareness of cyber 
vulnerabilities and mitigation strategies, including 
strong cyber security and response plans. 
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The NS/VATF concluded that the PN and its services 
supporting NS/EP users would continue to be at risk 
from increasingly technologically sophisticated, 
well-coordinated threat sources. Therefore, industry 
and Government must continue to work together to 
devise countermeasures and strategies to help 
mitigate the impacts of physical and cyber attacks on 
the PN and other critical infrastructures. 

Based on the NS/VATE’s March 2002 report to 
NSTAC XXV, the NSTAC recommended that the 
President direct the appropriate departments and 
agencies, in coordination with industry to: 

► Coordinate and prioritize through the Telecom- 
ISAC, Government assistance to industry to 
protect the Nation’s critical communications 
assets and to mitigate the effects of an attack as 
it is occurring; 

► Encourage and adequately support the 
development and adoption of baseline standards 
and technologies including version 6, Internet 
Protocol Security, and the Emergency 
Telecommunications Service scheme, to help 
bolster core security and reliability of the NGN; 

► Support the NSIEs’ efforts to develop a cross¬ 
industry security posture that could help provide a 
foundation for containing the control space of the 
emerging public network; 

► Work with standards bodies to ensure 
consideration of NS/EP communications 
functional requirements while addressing the 
security of the interoperation of wireless and 
wireline networks, and more specifically, activities 
addressing wireless access protocol; 

► Ensure that all wireless local area networks used 
by the Government meet the highest level of 
security standards available, with priority given to 
those supporting NS/EP missions; and 

► Develop policies and procedures to support the 
use of personal area network devices while 
reducing their risk of compromise. 
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Following the NSTAC XXVII Meeting held on 
May 19, 2004, the NSTAC Principals created the 
Next Generation Networks Task Force (NGNTF), to 
conduct an examination of NS/EP requirements and 
emerging threats on the NGN. As an initial step, the 
NGNTF assembled a group of subject matter experts 
(SMEs) and government stakeholders in August 2004 
to determine how best to meet the task’s significant 
objectives. As a result of the meeting, the group 
identified five fundamental areas of examination: 

(1) NGN description; (2) NGN service scenarios and 
user requirements; (3) end-to-end services 
provisioning; (4) NGN threats and vulnerabilities; and 
(5) incident management on the NGN. In response to 
government stakeholder questions during the 
meeting, the NGNTE agreed to undertake a quick 
turn around report on the near term actions that 
could be undertaken to reduce the impact of network 
transition issues on NS/EP communications and to 
identify areas where immediate government 
involvement was needed to foster activities in areas 
such as NGN standards and systems development 
activities that may be proceeding without 
consideration of NS/EP needs. 

Based on fhe near-term analysis conducted by the 
NGNTE, the Committee offered the following 
recommendations to the President in March 2005: 

► Use existing and appropriate cross-Government 
coordination mechanisms to track and coordinate 
cross-agency NGN activities and investment; 

► Explore the use of Government [civilian and 
Department of Defense (DOD)] networks as 
alternatives for critical NS/EP communications 
during times of national crisis; 

► Use and test existing and leading-edge technologies 
and commercial capabilities to support NS/EP user 
requirements for security and availability; 

► Support the development and use of identity 
management mechanisms, including strong 
authentication; 
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► Study and support industry efforts in areas that 
present the greatest NS/EP risks during the period of 
convergence, including gateways, control systems, 
and first responder communications systems; 

► Review the value of satellite systems as a broad 
alternative transmission channel for NS/EP 
communications; 

► Participate more broadly and actively in the NGN 
standards process in partnership with the private 
sector in the following areas: web services, 
directory services, data security, network 
security/management, and control systems; and 

► Focus on developing cohesive domestic and 
international NS/EP communications policy 
and conduct inter-governmental discussions on 
NS/EP communications. 

The NGNTF then turned its attention to the 
longer-term taskings, leveraging significant 
involvement from industry and government SMEs 
involved in the day-to-day transition of the NGN and 
creating working groups to address each issue area. 
Ultimately, the NSTAC, based upon the work of the 
NGNTE, agreed upon nine recommendations, the 
implementation of which they believed would support 
the ability of the NGN to meet NS/EP functional 
requirements while also providing greater capabilities 
to NS/EP users. 

The NSTAC Principals approved the following 
recommendations to the President in March 2006: 

► Identity Management. Direct the Office of 
Management and Budget (0MB), the Department 
of Commerce (DOC), and the Department of 
Flomeland Security (DFIS) to work with the private 
sector in partnership to build a federated, 
interoperable, survivable, and effective identity 
management framework for the NGN that: 

(1) includes a common assurance taxonomy that 
addresses NS/EP requirements and is usable in 
both the Government and commercial domains; 

(2) minimizes identity “silos" (identity stores 
containing usernames and passwords that is not 
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or cannot be used by another applications), 
allows federation between the Government and 
commercial domains, and supports use of 
Government issued credentials for identification on 
the NGN; (3) meets other NS/EP requirements, 
including priority access to NS/EP 
communications services; (4) supports broad 
use of commercial technology, along with existing 
and emerging protocols and standards; and 
(5) includes explicit protections for privacy. 

► Coordination on Common Operational Criteria for NGN 
NS/EP End-to-End Services. Direct the Office of 
Science and Technology (OSTP), with support 
from the collective National Communications 
System (NCS) agencies, to establish a Common 
Operational Criteria development framework to 
meet NS/EP user requirements on the NGN. This 
would be a joint Industry-Government initiative to 
ensure NS/EP communications capabilities in the 
NGN environment, and would include the creation 
of a regular NGN summit with annual reporting 
that would enable telecommunication/information 
technology (IT) industry sector and Government 
stakeholders to: (1) develop and coordinate 
common NGN planning activities; (2) measure 
progress of NGN-related efforts; and 
(3) recommend and monitor programs that would 
foster NS/EP capabilities within the NGN, 
including initiatives concerning: 

• A priority regime for both encrypted and 
unencrypted packets supported by a set of 
standards specifying how that priority is to be 
translated end to end among the different 
networks connected to the NGN, consistent 
with a user’s NS/EP authorization and required 
class of service; and 

• NGN designs that respond to NS/EP 
requirements, including supporting a mixed 
protocol operational environment during the 
transition into IP version 6; peer-to-peer 
networks and systems for independence from 
centralized infrastructure; meshed networks for 
resiliency and deployability; and IP Security for 
authentication and confidentiality. 
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► Research and Development (R&D). In support of the 
prior recommendation, direct OSTP, with support 
from other relevant agencies, especially the 
Science and Technology Directorate of DHS, the 
National Institute of Standards and Technology 
(NIST), and DOD to establish and prioritize within 
the Eederal Government initiatives that will foster 
collaborative and coordinated R&D supporting the 
Common Operational Criteria and accelerate 
demonstrations of critical NGN NS/EP-supporting 
capabilities or technology among NGN 
telecommunication/ IT and service providers. 

► Technology Lifecycle Assurance and Trusted 
Technology. Direct OMB, OSTP, DOD, DHS, and 
DOC to drive comprehensive change in the security 
of NS/EP information and communications 
technology through policy, incentives, and research 
supporting the development and use of: 

(1) technology lifecycle assurance mechanisms; 
and (2) innovative trusted technologies that reduce 
the presence of intrinsic vulnerabilities. 

► Resilient Alternate Communications. Direct OMB and 
DHS, in accordance with their respective authorities, 
to ensure that Eederal agencies are developing, 
investing in, and maintaining resilient, alternate 
communications for the NGN environment. 
Specifically, DHS and OMB should require that 
NS/EP communicators, including incident 
managers and emergency responders, plan for 
communications resiliency especially by examining 
alternative or substitute access methods to the NGN 
to address specific threat scenarios, which methods 
can augment and possibly replace, at least 
temporarily, damaged or diminished access to the 
communications infrastructure. 

► Agreements, Standards, Policy, and Regulations. 

Direct DHS, the Department of State, and 
DOC (including NIST and the National 
Telecommunications and Information 
Administration) to engage actively with and 
coordinate among appropriate domestic and 
international entities to ensure that the relevant 
policy frameworks support NGN NS/EP 
capabilities. These policy frameworks are 
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established through Agreements, Standards, 
Policies, and Reguiations (ASPR). As part of the 
Common Operationai Criteria deveiopment 
framework, these agencies shouid continuously 
monitor the entire lifecycle of ASPR associated 
with ensuring NS/EP capabilities to identify and 
act on opportunities to enhance ASPR, address 
their vulnerabilities, and eliminate potential 
impediments to providing NS/EP capabilities in a 
globally-distributed NGN environment. 

► Incident Management on the NGN. Direct DEIS to 
establish an inclusive and effective NGN incident 
response capability that includes a Joint Coordination 
Center, incorporating and modeled on the National 
Coordinating Center (NCC), for all key sectors, but 
particularly both the Communications and IT 
Sectors, and supporting mechanisms such as a 
training academy and a collaboratively developed, 
broadly participatory, and regularly evaluated 
exercise program. This capability should be 
enhanced by an appropriate R&D program. 

► International Policy. Direct departments and 
agencies to develop cohesive domestic and 
international NS/EP communications policy 
consistent with the recommendations in this 
report, in particular: (1) developing 
intergovernmental cooperative mechanisms to 
harmonize NS/EP policy regimes in participating 
countries consistent with the recommendations in 
this report; (2) establishing the rules of 
engagement for non-United States (U.S.) 
companies in NS/EP incident response in the U.S. 
and (3) addressing how information sharing and 
response mechanisms should operate in the 
international NGN environment. 

► First Responders. Direct DHS and other appropriate 
Government agencies to assist first responders and 
public safety organizations in making the transition to 
the NGN, which will provide them with greater 
capabilities, but will also be a challenge to achieve 
given their limited resources and legacy systems. 
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Actions Resulting from NSTAC Recommendations 

Based on NSTAC recommendations, the NCS is actively 
participating in various standards bodies to ensure 
consideration of NS/EP functional requirements during 
convergence and in the NGN. The NCS is contributing 
to activities of the European Telecommunications 
Standards Institute, Telecommunications and Internet 
Protocol Harmonization over Networks (ETSI TIPHON) 
group. ETSI TIPHON is examining several security 
issues related to convergence, including identification 
and authentication procedures for emergency calls, and 
issues related to cyber attacks and malicious intrusion 
into networks. 

The NCS is also active in International 
Telecommunication Union Standardization Sector 
efforts regarding recommendation E.106, Description 
of the International Emergency Preference Scheme 
(lEPS). lEPS recognizes the requirement for priority 
communications among Government, civil, and other 
essential users of public telecommunications services 
in crisis situations. lEPS, which is similar to GETS, 
would give authorized users priority access to and 
transport of NS/EP-related calls on an international 
basis within the PSTN and integrated services digital 
network infrastructures. 

Citing findings of the ITPITF, on March 9, 2001, the 
National Coordinator for Security, Infrastructure 
Protection, and Counter-terrorism established, in 
conjunction with OSTP, an interagency Convergence 
subgroup under the Counter Terrorism and National 
Preparedness Information Infrastructure Protection 
Assurance Group. The purpose of this Convergence 
Working Group (CWG) was to address issues 
associated with the convergence of the voice and 
data networks and the implications of this 
convergence on NS/EP telecommunications services. 
The associated policy, legal, security, and technical 
issues were previously identified in a Report of the 
CTE, dated December 29, 2000. The CWG issued its 
final report on Eebruary 14, 2002. 

In addition, the NCS currently has representation on 
several key standards organizations, including the 
Alliance for Telecommunications Industry Solutions 
(ATIS), the Internet Engineering Task Force, the 
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International Telecommunications Union (ITU), and 
the 3rd Generation Partnership Project, in support of 
standard solutions. The NCS Standards Branch 
contuse to provide ieadership to and be activeiy 
invoived in supporting NS/EP Priority Service 
requirements in national and international standards 
organizations to influence the standards organizations 
to include enhancements to the standards that 
benefit the NS/EP community. 

The NCS also continues to take every opportunity 
to test and prototype leading-edge technologies and 
commercial capabilities supporting NS/EP 
requirements, such as NS/EP scenarios prototyped in 
Global MultiService Eorum (MSP) interoperability events. 
The NCS continues to participate in the MSE meetings 
and coordinate with industry regarding NGN NS/EP 
priority services that can be prototyped and 
demonstrated in the international, multi-carrier 
environments of the l\/ISF2008 Global Interoperability 
Event. The NCS plans to provide NGN Broadband Video 
Priority Services and other capabilities by prototype and 
a series of progressive demonstrations for different 
classes of traffic. The bandwidth prioritization concept is 
being considered as part of the NS/EP NGN broadband 
priority services and a white paper together with a demo 
plan and proposed schedule is being prepared for 
funding considerations. 

The NCS has initiated the development of the Next 
Generation Priority Services Experimental Testbed 
Environment to prototype and ensure that next 
generation emergency telecommunications services 
will operate end-to-end. In addition, the NCS is 
currently utilizing modeling, prototyping, and standards 
development to assist with an IP Multimedia 
Subsystem (IMS) Industry Requirement (IR) process 
that includes service providers, vendors, and 
standards bodies. The IM SIR process will support 
defining of NS/EP requirements for the NGN. 
Furthermore, the NCS initiated the IMS (NGN 
Architecture) Industry Review to develop requirements 
for next generation priority services in support of the 
NS/EP mission. The 2007 NS/EP IP IMS Core 
Network IR for NGN GETS, Phase 1, Voice Service 
was issued December 21, 2007. A two-day NS/EP IMS 
Access Network IR kickoff meeting was held with 
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industry March 4-5, 2008, and addressed the NCS’s 
plan to work with the industry to develop industry 
requirements for NS/EP priority voice and broadband 
services for seven different access technologies. 

Following the NSTAC XXIX Meeting held on May 9, 

2006, the NSTAC established the International Task 
Force, to conduct an examination of the NS/EP 
implications of international communications. Please 
see the International Communications section in the 
Active Issues section of this NSTAC Issue Review for 
more information. 

As the government response to the NSTAC Report on 
International Communications, the NCS Committee of 
Principals voted to establish the International 
Communications Working Group (ICWG) in the fall of 

2007. The ICWG will assess the broad range of issues 
and requirements inherent in the establishment and 
global adoption of a framework to enhance the resiliency 
of the global communications infrastructure. 

Reports Issued 

Network Group Internet Report: An Examination of the NS/EP 
Implications of Internet Technologies, June 1999. 

Information Technology Progress Impact Task Eorce Report on 
Convergence, May 2000. 

Research and Development Exchange Proceedings: Transparent 
Security in a Converged Network Environment, September 2000. 

Convergence Task Eorce Report, June 2001. 

Network Security Vulnerability Assessments Task Eorce 
Report, March 2002. 

Next Generation Networks Task Eorce Report Near Term 
Recommendations, March 2005. 

Next Generation Networks Task Eorce Report, March 2006. 
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Network Security 

Investigation Group / Period of Activity 

Network Security Task Force (NSTF) 

February 1990 - August 1992 

Network Security Information Exchange (NSIE) 

June 2001 - Present 

Network Security Standards Oversight Group (NSSOG) 

August 1992-January 1995 

Network Security Steering Committee (NSSC) 

August 1992 - December 1994 

Network Security Group (NSG) 

December 1994 - April 1997 

Network Group (NG) 

April 1997 - September 1999 

Embedded Interoperahle Security Issue Scoping Group (EISISG) 

June 1999 - November 1999 

Protecting Systems Task Force (PSTF) 

September 1999 - May 2000 

Internet Security/Architecture Task Force (IS/ATF) 

April 2002-April 2003 

Operations, Administration, Maintenance, and Provisioning 
(OAM&P) Standard Working Group 

February 2003 - August 2003 

Issue Background 

Network security issues lie at the core of the 
President’s National Security Telecommunications 
Advisory Committee’s (NSTAC) work on behaif of the 
President. The NSTAC initiated in-depth review of 
network security issues in February 1990 when the 
committee’s Industry Executive Subcommittee (lES) 
established the NSTE to address the National 
Security Council’s concern about the vulnerability of 
the Nation’s telecommunications networks to 
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intentional software disruptions or manipulations that 
could threaten national security and emergency 
preparedness (NS/EP) communications. Plaving 
completed its original task, the lES reestablished the 
NSTF at the December 1990 NSTAC Meeting and 
charged it to work closely with, and in support of, the 
Government Network Security Subgroup (GNSS). In 
June 1991, the NSTF established the NSTAC NSIE. 
The task force submitted its final report and 
recommendations to the NSTAC on July 17, 1992. 

On August 26, 1992, the lES deactivated the NSTF 
and established the NSSC and the NSSOG. The 
NSSOG completed its task and disbanded in January 
1995. The lES subsequently renamed the NSSC the 
NSG in accordance with the December 1994 lES 
Guidelines. In April 1997, the lES realigned its 
groups and renamed the NSG the NG. In September 
1999, the lES restructured and created the PSTF to 
accomplish the tasking formerly assigned to the NG. 

During the NSTAC XXVI cycle, the lES created the 
IS/ATF to develop policy recommendations with 
respect to the vulnerabilities in pervasive software 
and protocols critical to the operation of the Internet. 

In 2002, the NSTAC’s NSIE and the Government 
NSIE established the Security Requirements Working 
Group (SRWG) to examine the security requirements 
for controlling access to the public switched network, 
in particular with respect to the emerging next 
generation network. Members of the SRWG, 
representing a cross-section of telecommunications 
carriers and vendors, developed an initial list of 
security requirements that would allow vendors, 
Government departments and agencies, and service 
providers to implement a secure telecommunications 
network management infrastructure. The SRWG 
developed this initial list of security requirements as 
a consensus document and submitted it as a 
contribution to the Alliance for Telecommunications 
Industry Solutions (ATIS) Committee Tl- 
Telecommunications, Working Group T1M1.5 
OAM&P Architecture, Interface and Protocols for 
consideration as a standard. 
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Representatives from T1M1.5, the NSTAC NSIE, the 
Government NSIE, and TlMl liaison organizations 
further refined the initial document and developed 
the standard, entitled Operations, Administration, 
Maintenance, and Provisioning Security Requirements for the 
Pubiic Tetecommunications Network: A Baseiine of Security 
Requirements for the Management Ptane. Committee T1 
approved the standard (Tl.276-2003) in July 2003. 

During the NSTAC XXVII cycle, the lES created the 
OAM&P Standard Working Group to further examine 
the standard and develop conclusions and 
recommendations for action. 

History of NSTAC Actions and Recommendations 

On July 17, 1992, the NSTAC approved the Network 
Security Task Force Finai Report. The report recommended 
that the President: 

► Publicly support the NSTAC network security 
initiative; and 

► Establish a Government focal point for 
coordination on network security standards. 

The NSTAC also endorsed both the NSSOG and a 
strong network security information exchange among 
industry companies. The NSTAC formed its NSIE in 
1991, paralleling a GNSS effort to create a Government 
NSIE. The joint meetings of the NSTAC and 
Government NSIEs remain a unique industry and 
Government forum where representatives exchange 
information on network threats and vulnerabilities in a 
trusted, nondisclosure environment. 

The lES established the NSSOG and the NSSC in 
response to NSTAC XIV charges to continue network 
security activities. The lES established the NSSC as a 
permanent lES working group with oversight 
responsibility for network security activities. 

On May 27, 1993, the NSSC recommended that the 
President: 


The President’s National Security Telecommunications Advisory Committee 


► Correct the legislative deficiencies affecting the 
capability to gather evidence about computer 
crimes and to prosecute and convict computer 
criminals who target computers that support the 
national telecommunications infrastructure. 

In Eebruary 1994, the Government and NSTAC 
NSIEs sponsored a Network Security Symposium. 
These groups designed the symposium to inform 
attendees of the potential threats to and 
vulnerabilities of the public switched network (PSN) 
from computer intruders. Subject matter experts 
from industry. Government, and law enforcement 
presented information. 

At the March 2, 1994, NSTAC XVI meeting, the 
NSSC updated its assessment of the risk to the PSN 
and noted its plans to strengthen the NSTAC NSIE 
and expand its membership. 

On June 28, 1994, the Government and NSTAC 
NSIEs sponsored a network firewalls workshop. The 
workshop provided an overview of firewall 
technologies, addressed strategies for mitigafing 
vulnerabilities, discussed firewall uses and 
applications, and reviewed case histories. 

In October 1994, the NSSOG released a technical 
report focusing on nefwork securify sfandards issues 
for the PSN. In Its report, the NSSOG categorized 12 
recommendations on policy, procedural, and 
technical issues important to promoting 
interoperability, mitigating current or future threat 
scenarios, implementing realistic solutions, and/or 
addressing a range of technologies or architectures. 

At the January 12, 1995, NSTAC XVII meeting, the 
NSTAC approved the NSSOG report and 
recommended that the President: 

► Task the National Institute of Standards and 
Technology (NIST) and other Government 
organizations to support industry in the 
development of sfandards recommended in the 
NSSOG report. 
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At the February 28, 1996, NSTAC XVIII meeting, the 
NSTAC approved the NSG’s findings with respect to 
determining NSTAC’s potential contributions to 
developing a middle-ground security technology 
solution. The NSTAC also presented the findings of a 
report entitled, An Assessment of the Risk to the Security of 
Pubiic Networks, which was co-authored by the 
Government and NSTAC NSIEs. 

On September 11, 1996, the Government and 
NSTAC NSIEs sponsored a symposium on securing 
data networks. This event continued successful 
efforts by the NSIEs to share lessons learned about 
network security with a broader audience through 
workshops and analytical reports. 

Also in September 1996, the NSG sponsored the 
Network Security Research and Development (R&D) 
Exchange. The event’s purpose was to analyze R&D 
activities ongoing in both the public and private sectors 
and to address issues of authentication, intrusion 
detection, and access control from the capabilities 
management perspective. In November 1996, the 
NSG organized the Forward-Looking Analysis Panel to 
consider the impact of the Telecommunications Act of 
1996 on network security and NS/EP 
telecommunications services. The panel addressed 
issues such as carrier interconnection, collocation, and 
open network architecture. The Federal 
Communications Commission’s (FCC) Network 
Reliability and Interoperability Council (NRIC) 
considered the panel’s input and subsequently 
included it in the NRIC’s final report. 

At the March 18, 1997, NSTAC XIX meeting, the NSG 
reported on its work to address the impact of the 
changing regulatory and technological environment on 
NS/EP telecommunications services. The NSG also 
reviewed its recent activities in the areas of R&D, 
intrusion detection, and forward-looking network control 
security analysis. At the meeting, the NSG outlined the 
efforts of the newly established Intrusion Detection 
Subgroup (IDSG) and its charge to explore a more 
cooperative approach to developing enhanced intrusion 
detection tools. The NSG concluded by addressing the 
activities of the NSIEs and noted that the NSTAC NSIE 
expanded its membership from nine to twenty. 
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Eollowing NSTAC XIX, the NG’s IDSG assessed 
network intrusion detection R&D activities to 
determine whether NS/EP considerations required 
additional efforts. Working with industry groups, the 
Defense Advanced Research Projects Agency 
(DARPA) and other Government groups, the IDSG 
identified the current state of intrusion detection 
research. The IDSG subsequently provided a report 
to NSTAC XX in December 1997 detailing its findings 
and recommendations for the President to consider 
in promoting the R&D of intrusion detection 
technologies. The NSTAC accepted and approved 
the report and recommended that the President: 

► Promulgate a national technology policy to 
address intrusion detection; 

► Establish an interagency working group for 
intrusion detection; 

► Increase R&D funding for intrusion detection for 
network control systems vital to continued 
operation of critical infrastructures; and 

► Encourage cooperative development programs. 

The NG established another subgroup following NSTAC 
XIX to respond to a request by Dr. John Gibbons, then 
Assistant to the President for Science and Technology. 
Dr. Gibbons asked NSTAC to determine the likelihood 
of a widespread telecommunications outage, identify 
industry plans in place for intercarrier coordination to 
respond to such an outage, and describe how 
telecommunications service providers and the 
Government would cooperate to assure the President 
that restoration priorities would meet the national 
interest. The NG established the Widespread Outage 
Subgroup (WOS) to focus on these issues and 
provided a report to NSTAC XX reflecting its findings. 
The WOS determined that, given the limited precedent 
for telecommunications outages of such magnitude, 
there was a low probability of a widespread, sustained 
outage of public telecommunications service. In 
December 1997, the NSTAC approved the WOS report 
and recommended that the President: 
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► Direct the appropriate Federal departments 
and/or agencies to work with industry to improve 
intercarrier coordination plans and procedures; 

► Encourage the FCC to maintain a Defense 
Commissioner at all times to help industry and 
Government overcome legal and regulatory 
impediments to a rapid and orderly restoration of 
service during a widespread telecommunications 
outage; 

► Task the appropriate Federal departments and 
agencies to work with industry to advance the 
state-of-the-art for software integrity; and 

► Direct the expansion of Government R&D efforts 
to address the most significant vulnerabilities of 
new and evolving telecommunications 
technologies and services. 

Following NSTAC XX, the NG examined the readiness 
of the telecommunications industry to ensure continuity 
of service through the millennium change, focusing on 
NS/EP and the national telecommunications 
infrastructure. The NG surveyed telecommunications 
service providers, equipment vendors, system 
integrators, industry forums addressing the Year 2000 
(Y2K) problem, and vendors providing Y2K solutions. 
The NG concluded that significant efforts were 
underway in both industry and Government to eradicate 
the Y2K problem within the Nation’s 
telecommunications infrastructure. Flowever, given the 
extent and complexity of the Y2K software 
augmentation, there were no guarantees that Y2K 
measures would anticipate, and/or prevent, every 
problem. In September 1998, the NSTAC approved the 
NG’s Year 2000 Problem Status Report and recommended 
that the President: 

► Direct appropriate departments and agencies to 
develop contingency plans to: 

► Respond to Y2K-induced service impairments of 
the Government’s NS/EP customer premises 
equipment (CPE), functions, and applications 
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► Fulfill mission-critical NS/EP responsibilities in the 
event of Y2K induced PN service impairments 

► Direct his Y2K focal point to ensure the 
coordination of the Government’s requests for 
Y2K readiness information from the 
telecommunications industry 

Following NSTAC XXI, the NG continued the tasking 
from the NSTAC XX meeting to examine how NS/EP 
operations might be affected by a severe disruption 
of Internet service. In conjunction with the gap 
analysis effort by the Office of the Manager, National 
Communications System (OMNCS), NG members 
provided their individual perspectives on the Public 
Network (PN) Alternatives Analysis Report developed by the 
OMNCS. During this cycle, the NG continued to 
oversee the NSTAC NSIE and worked toward 
facilitating the exchange of network security R&D 
information between industry and Government. 

The R&D effort subsequently resulted in an 
NG-sponsored R&D Exchange in October 1998, held 
in collaboration with activities sponsored by Purdue 
University’s Computer Operations, Audit, and 
Security Technology (COAST) Laboratory and the 
Institute of Electrical and Electronics Engineers 
(IEEE). The exchange focused on two themes. The 
first theme examined how industry and Government 
can better collaborate on R&D. The second 
examined the growing convergence of 
telecommunications and the Internet. The attendees 
overwhelmingly agreed on the need to identify 
potential centers of excellence in industry. 
Government, and academia and provide them with 
appropriate long-term funding to promote the 
development of computer and network security 
professionals, disciplines, and programs. Equally 
important was the need to establish large-scale 
testbeds to promote joint research, develop and 
verify metrics and evaluate security products, and 
address other technical needs in network security 
and information assurance. 

The Government and NSTAC NSIEs completed an 
after-action report on the workshop, The Insider Threat to 
Information Systems: A Framework for Understanding and 
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Managing the Insider Threat in Today’s Business Environment. 
The workshop was held in June 1998. The after-action 
report provided for sharing iessons learned in this vital 
area of insider threat that is affecting both industry 
and Government. In addition, the NSIEs completed 
their 1999 Assessment of the Risk to the Security of the Public 
Network. The NSIEs concluded that the 1995 findings 
regarding the overall vulnerabilities of the PN were still 
valid. Old vulnerabilities were still being exploited even 
though fixes were readily available. Vulnerabilities in 
many of the PN’s diverse technologies (including, 
Signaling System 7 [SS7], Intelligent Networks [IN], 
Asynchronous Transfer Mode [ATM], and 
Synchronous Optical Network [SONET]) remained 
unaddressed. The interconnectivity among 
technologies and networks had not merely persisted, 
but had become even greater than it was in 1995. 
Between 1995 and 1999, three major factors 
exacerbated the overall vulnerability of the PN: the 
Telecommunications Act of 1996 (Telecom Act), changing 
business practices, and the Y2K problem. 

In addition, the NSTAC NSIE revised its charter to 
bring it in line with how the NSIEs function. The 
NSIEs are primarily information sharing bodies in the 
area of network vulnerabilities and threat analysis. 

In June 1999, the NG completed its work on the 
Internet Report: An Examination of NS/EP Implications of 
Internet Technologies. The report addressed the following 
three objectives: 1) examine the extent to which 
NS/EP operations will depend on the Internet over 
the next 3 years; 2) identify vulnerabilities of network 
control elements associated with the Internet and 
their ability to cause a severe disruption of Internet 
service, applying lessons learned from NSTAC’s 
similar studies of the PSN; and 3) examine how 
Internet reliability, availability, and service priority 
issues apply to NS/EP operations. 

The NG concluded that the NS/EP community’s 
direct dependence on the Internet for mission critical 
operations was modest. Departments and agencies 
with NS/EP responsibilities were using the Internet 
mostly for outreach, information sharing, and 
electronic mail. The NS/EP community was more 
inclined to depend on dedicated Transmission 
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Control Protocol/Internet Protocol (TCP/IP) networks 
(also called intranets) for mission-critical NS/EP 
operations, at this time, because of significant 
security and reliability concerns associated with the 
Internet. In June 1999, the NSTAC approved the 
NG’s report and the following recommendations: 

► Recommend that the President, in accordance 
with responsibilities and existing mechanisms 
established by Executive Order 12472, Assignment 
of National Security and Emergency Preparedness 
Telecommunications Eunctions, direct the 
establishment of a permanent program to address 
NS/EP issues related to the Internet. The program 
should have the following objectives: 

• Work with the NS/EP community to increase 
understanding of evolving Internet 
dependencies 

• Work with key Internet organizations and 
standards bodies to increase awareness of 
NS/EP requirements 

• Interact with the appropriate Internet 
organizations and initiatives to investigate, 
develop, and employ NS/EP-specific Internet 
priority services, such as end-to-end priority 
routing and transport 

• Examine the potential impact of IP network-PSN 
convergence on PSN specific priority services 

► Recommend that the President direct the 
appropriate Government departments and 
agencies to use existing industry/Government 
partnership mechanisms to increase awareness 
of NS/EP requirements within key Internet 
organizations and standards bodies 

In addition, the NSTAC directed the lES to examine 
the potential impact of IP network-PSN convergence 
on PSN-specific NS/EP priority services (including, 
Government Emergency Telecommunications 
Service [GETS] and Telecommunications Service 
Priority [TSP]). 
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Following the NSTAC XXV Meeting on March 13, 2002, 
the lES again focused on network and Internet security 
issues. At the meeting, the Special Advisor to the 
President for Cyberspace Security discussed the 
serious threats posed by vulnerabilities within the 
Domain Name Servers and the Border Gateway 
Protocol. In response to these concerns, the NSTAC 
created the ISATF to develop recommendations to the 
President on how to identify and remediate 
vulnerabilities in pervasive software/protocols, define 
the “edge” elements of the Internet, and determine 
ways that the NSTAC could integrate its efforts to define 
and monitor significant critical infrastructures 
supporting the Internet with other industry activities. 

I n its First Steps in Identifying and Remediating Vuinerabiiities 
in Pervasive Software/Protocois report, the ISATF analyzed 
five stages relevant to identifying and remediating 
vulnerabilities in pervasive software and protocols: 
prevention, detection, information sharing, analysis, 
and correction. In the area of prevention, the task 
force advocated aggressive public-private research 
and development activities and cited the need to 
develop adequate alert and warning systems to 
support the operations of information sharing and 
analysis centers. The task force also identified 
barriers to the effective detection of vulnerabilities, 
such as the myriad number of forums devoted to 
detection and the lack of standardization in reporting 
procedures. Next, the task force emphasized that 
significant barriers to information sharing exist, such 
as the Freedom of Information Act (FOIA) and liability 
concerns, and advocated the creation of legislation 
that would ease the sharing of critical information. 
The ISATF also concluded that the analysis functions 
within industry that detect and publish vulnerabilities 
appear to be adequate, but the Government may find 
some benefit in better leveraging available synergies 
by consolidating Government-funded analysis 
centers where appropriate. Finally, the task force 
observed that while many organizations are 
successfully correcting and remediating 
vulnerabilities, they fail to utilize a streamlined 
method for expeditiously disseminating corrected 
information to the telecommunications and Internet 
service provider (ISP) communities. 
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Based on the findings of the ISATF report, the 
NSTAC recommended that the President direct the 
appropriate departments and agencies, in 
coordination with industry, to: 

► Consolidate Government-funded watch center 
operations of agencies and departments 
dedicated to the detection and dissemination of 
information related to Internet vulnerabilities into 
one organization to create a more efficient and 
effective collaborative industry/Government 
information-sharing partnership; 

► Establish a lead organization within the 
Department of Flomeland Security (DEIS) to 
coordinate with industry a process for warning, 
notification, coordination, and remediation of 
widespread problems in a national emergency; 

► Recognize the need to involve all aspects of the 
Internet in the process of identifying significant 
vulnerabilities, including the web hosting, network 
access provider, backbone, and ISP communities; 

► Fund efforts related to identifying and mitigating 
vulnerabilities in the most critical protocols or 
software that key sectors of the Nation’s 
infrastructure rely upon; and 

► Promote and support legislation to address FOIA, 
antitrust, and liability concerns regarding 
information shared by industry for the purposes 
of critical infrastructure protection. 

Additionally, the ISATF made other recommendations 
focused on developing a process for the Internet 
community, both private and public, to share 
information within its component communities, and 
within the larger telecommunications and Internet 
infrastructure context. 

At the NSTAC XXV Meeting, participants also 
expressed concern over the ability to defend the 
Internet by protecting the edges of the Internet 
against attack or exploitation. In response to these 
concerns, the lES tasked the ISATF to provide 
guidance on how to define the edge of the Internet. 
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Through detailed analysis, the ISATF determined that 
because the Internet is not a single network but a 
network of interconnected networks, there is no 
single definition of the edge, as the definition 
depends on perspective. The ISATF also noted that 
there are many different ways to define the edge that 
include, but are not limited to the following: all 
systems that contain Internet Protocol (IP) addresses 
that do not route IP packets; the composition of 
information systems; and zones of responsibility for 
network operators versus end-users. In addition, the 
group noted that emphasis should focus not on 
defining the edge of the Internet but on defending 
the Internet as the adoption of a single definition of 
the edge could prevent critical security precautions 
from being addressed in other areas. 

Based on the ISATF’s analysis, the NSTAC 
recommended to the President that: 

► The Government should continue its work to identify 
the critical national security and emergency 
preparedness missions and functions supporting 
those missions that rely on the Internet and 
encourage the parties responsible for those missions 
to ensure that they are adequately protected through 
redundancy and alternative capabilities; 

► Industry, standards bodies, software vendors, 
equipment vendors, network operators, and 
end-users of all products and services that make 
up the Internet should ensure that these products 
have built-in baseline security features and that 
these capabilities are appropriately configured 
and kept current; and 

► The Government should work with Internet 
security experts and standards bodies to develop 
a standard set of key warnings and indicators that 
all service providers can use as a baseline to 
measure security threats. 

The NSTAC’s OAM&P Working Group recognized that 
Executive Orders, Presidential directives, and 
Presidential commissions have specified infrastructures 
as national assets that are critical to the defense and 
economic security of the United States. 
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Telecommunications is one of these critical 
Infrastructures. Security for the network management 
functions controlling this infrastructure is essential. 
Many standards for network management security 
exist; however, compliance is low and implementation 
is inconsistent across the various telecommunications 
equipment and software providers. In addition, service 
providers are specifying contradicting requirements for 
products, which results in inconsistent vendor feature 
sets and potentially higher costs for vendors. Finally, as 
the telecommunications industry transitions to a 
converged network environment, new security 
challenges emerge; and threats in the public network 
become threats in the management and control planes. 

Previous NSIE security assessments of the public 
network have also documented the management 
plane’s vulnerabilities and susceptibility to intruder 
attacks. Because an increasing number of networks 
are closely tied to intranets, these networks are 
susceptible to hacker threats. Eurthermore, the lack of 
standards to address this issue enables intruders to 
penetrate vulnerabilities and further deteriorate the 
telecommunications networks. Therefore, an urgent 
need exists for this baseline standard to provide 
much-needed security mechanisms for 
telecommunications carriers and vendors to implement. 

The OAM&P Standard Working Group reviewed 
Tl.276-2003 and concluded that the current 
standard addresses only one aspect (such as, the 
management plane) of an overall end-to-end security 
solution. Tl.276-2003 addresses security for 
network element, management system, and element 
management system equipment only; it does not 
specifically address security for other equipment, 
such as customer premises equipment. Apart from 
the Tl.276-2003 requirements, the current standard 
assumes that effective hardware and software 
controls provided by the operating system protect the 
data and resources being managed. 

In addition, the OAM&P Standard Working Group 
developed recommended to the President that: 
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► The National Institute of Standards and 
Technology (NIST) review the Tl.276-2003 
standard. If a review finds a conflict between the 
Tl.276-2003 standard and existing Federal 
Information Processing Standards and NIST 
publications, NIST should make these conflicts 
known to the appropriate standards bodies; 

► Federal departments and agencies be 
encouraged to use the Tl.276-2003 standard in 
requests for proposals, as appropriate; and 

► Through the DHS, encourage officials responsible 
for other infrastructures to consider the elements 
of the Tl.276-2003 standard as a baseline for 
security requirements and adapt appropriate 
requirements for their respective infrastructure. 

Actions Resulting from NSTAC Recommendations 

In response to an NSTAC XIV charge to continue 
network security activities, the lES established the 
NSSC and the NSSOG. The lES charged the NSSC to: 

► Oversee the NSIE and recommend NSIE follow-on 
activities; 

► Establish and oversee the NSTAC NSSOG; 

► Continue involvement in R&D information 
exchange; 

► Represent the NSTAC on NSIE matters to the ECC 
Network Reliability Council (subsequently renamed 
the Network Reliability and Interoperability Council) 
and the Manager, NCS; and 

► Support other network security issues as required. 

The lES charged the NSSOG to establish and 
prioritize industry objectives for network security 
standards to support NS/EP capabilities, and to work 
with the standards community to provide guidance 
and motivation to develop and accept industry-wide 
standards. 
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In response to recommendations at NSTAC XV, 
Congress included provisions in the Violent Crime 
Control and Law Enforcement Act of 1994 that 
expanded the law’s applicability to 
telecommunications operations, administration, 
maintenance, and provisioning systems. However, 
the Act did not fully address the concerns that 
prompted NSTAC’s recommendations. Congress 
subsequently passed the National Information 
Infrastructure (Nil) Protection Act of 1996, which 
provides measures to strengthen Eederal laws 
against computer crime. 

As the IDSG focused primarily on R&D issues related 
to intrusion detection technology, the Government 
was exploring broader R&D issues. In particular, the 
President’s Commission on Critical Infrastructure 
Protection (PCCIP) examined R&D issues affecting 
the security of all critical infrastructures. NSTAC’s 
findings and recommendations are consistent with 
those resulting from the PCCIP’s work. Eurther, 
Presidential Decision Directive (PDD) 63 assigned 
the Office of Science and Technology Policy (OSTP) 
responsibility for coordinating R&D agendas and 
programs for the Government through the National 
Science and Technology Council. 

Since NSTAC XX, three events occurred to address the 
WOS’s recommendations. Eirst, the OMNCS began 
expanding the National Telecommunications 
Coordination Network (NTCN) to provide a mechanism 
to support intercarrier coordination in the event of a 
widespread outage. Second, the ECC designated a 
Defense Commissioner, and industry and Government 
developed procedural guidelines to help 
telecommunications carriers resolve issues with the 
ECC. Third, Government began focusing more attention 
on R&D and the need to advance the state-of-the-art 
equipment for software integrity and address the most 
significant vulnerabilities of new and evolving 
telecommunications technologies and services. 

Eollowing NSTAC XXI, the Government took measures 
to make critical Government systems Y2K compliant 
and to develop contingency plans to deal with any 
potential system failures that might occur. NSTAC’s 
Year 2000 Problem Status Report, issued in September 
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1998, influenced the President’s Council on Year 2000 
Conversion on the need to develop comprehensive 
contingency plans to mitigate any potential harmful 
effects on the Nation’s NS/EP posture. 

In response to the recommendation from the 
NSTAC’s June 1999 Network Group Internet Report: An 
Examination of the NS/EP Implications of Internet Technologies, 
the OMNCS established a permanent program to 
address NS/EP issues related to the Internet. The 
Priority Services and Internet Technology and 
Standards program actively promotes NS/EP 
requirements among pertinent standards bodies, 
including the Internet Engineering Task Force, the 
European Telecommunications Standards Institute, 
and the International Telecommunication Union. 

Following NSTAC XXII in June 1999, the NSTAC 
tasked the lES to develop recommendations for the 
President regarding how the Government can 
optimally focus its efforts to enhance the security of 
the Nation’s NS/EP telecommunications and 
information technology systems. 

The lES subsequently formed the PSTF to address 
this task. The PSTF’s objective was to examine 
current network security strategies to determine 
whether alternative strategies might more effectively 
diminish risk and, if appropriate, develop 
recommendations regarding those alternatives. The 
PSTF based the methodology for its study, inpart, on 
a model of network security developed by the IDSG 
in 1997. The IDSG identified four basic components 
of network security: prevention, detection, response, 
and mitigation. Using this model, the PSTF sought to 
answer the question: Could the risk to network 
security be more effectively reduced by changing the 
relative focus of network security efforts among these 
four components? 

While the PSTF initially expected to find an optimal 
focus that might apply to all organizations, analysis of 
the data yielded a different answer, such as, security 
is not a “onesize-fits-all” proposition. While it is not 
feasible to specify an optimal focus among 
prevention, detection, response, and mitigation that 
will be suitable for all organizations, it is reasonable 
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for each individual organization to consider how it 
focuses its network security efforts among these four 
components and ensure that it employs a strategy 
that is optimal for its own needs. 

The PSTF subsequently identified a number of 
common themes among the organizations providing 
input to the study as well as some barriers that may 
impede the ability of an organization to implement an 
optimal focus among the four components. While the 
PSTF gathered a representative sample of data to 
reflect a broad range of industry perspectives, the 
PSTF determined that it did not have sufficient 
information to adequately reflect the Government’s 
perspective. Consequently, the PSTF decided to 
provide a status report to NSTAC XXIII in May 2000 
and recommended that the lES consider including in 
the NSTAC XXIV work plan the following task: 

► Based on the preliminary analysis and general 
observations of the PSTF report, complete the 
analysis of the focus of network security efforts by 
seeking a broader range of inpuf from 
Government and academia, as well as additional 
Input from industry. 

At the NSTAC XXII meeting, the Honorable 
John Hamre, Deputy Secretary of Defense, 
discussed fhe need for open dialogue befween 
Indusfry/Governmenf in the current era of dynamic 
technological change. Dr. Hamre requested NSTAC’s 
assistance to “tackle the much deeper, more 
complicated problem, which is how do we embed 
security in depth in the infrastructure upon which 
we, the Government, depend and upon which you 
and your customers depend.” NSTAC’s lES 
subsequently began to scope this issue to determine 
how to respond to Dr. Hamre’s request. The lES 
tasked the EISISG to determine the depth and 
breadth of this request and provide the lES with a 
recommended action plan. 

The scoping concluded, through briefings and 
various interactions with industry and Government, 
that the NSTAC can help In two distinct ways: 
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► Promote the Federal Government's efforts to work 
with industry to accomplish their mission of 
incorporating electronic commerce into their 
operations; and 

► Individually support and participate in existing, 
successful industry and Government forums. 

Following the recommendation of the NSTAC based 
on the ISATF’s recommendation to establish a lead 
organization within the Department to coordinate 
with industry regarding threat warnings and 
notifications, DFIS created the Information Analysis 
and Infrastructure Protection Directorate (which was 
reorganized in 2005 into other directorates within the 
Department) to identify and assess intelligence 
information concerning threats to the United States, 
issue warnings, and take preventative and protective 
action against those threats. Moreover, DFIS 
consolidated the watch center capabilities of several 
Federal Government agencies under its auspices. 

The U.S. Congress included a provision (section 
214) in the Flomeland Security Act of 2002 
establishing the protection of voluntarily shared 
critical Infrastructure information. 

The National Cyber Security Partnership (NCSP) 

Task Force 4, Working Group 5 designated a liaison 
to work with TlMl as they explore technical 
standards and Common Criteria. Tl.276-2003 will 
be one of the many standards that will be considered 
as the NCSP works to secure cyberspace. In 
addition, the International Telecommunication Union 
is developing an international standard based on the 
requirements outlined in Tl.276-2003. 

Finally, the General Services Administration required 
compliance by all Federal departments and agencies 
with the American National Standard Tl.276-2003 
on OAM&P security requirements for the 
management plane. 

Reports Issued 

Network Security Scoping Task Force Report: Report of the 
Network Security Task Force, October 1990. 
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Network Security Task Force Finat Report, July 1992. 

NSTAC/NStE Report on Deficiencies in Federai Laws on Computer 
Crime, April/May 1993. 

Network Security Standards for the Pubiic Switched Network: 
issues and Recommendations, October 1994. 

An Assessment of the Risk to the Security of Pubiic Networks, 
Government and NSTAC NStEs, December 12,1995. 

Report of the Network Security Group Research and Deveiopment 
Exchange, September 18,1996. 

Network Security Group Eorward Looking Anatysis Panei 
Proceedings, November 19,1996. 

Locai Number Portabiiity and its tmpiications for the Pubiic 
Switched Network: An NStE White Paper, July 1997. 

Software integrity- An NStE White Paper, July 1997. 

Report on the Likeiihood of a Widespread Teiecommunications 
Outage, December 1997. 

Report on the NS/EP tmpiications of intrusion Detection 
Technoiogy Research and Deveiopment, December 1997. 

The insider Threat: Legai and Practicai Human Resources 
issues: An NStE White Paper, April 1998. 

The insider Threat to information Systems: A Eramework for 
Understanding and Managing the insider Threat in Today’s 
Business Environment: An NStE White Paper, June 1998. 

The President’s NSTAC Research and Deveiopment Exchange 
Proceedings: Enhancing Network Security Technoiogy R&D 
Cottaboration, October 1998. 

An Assessment of the Risk to the Security of the Pubiic Network, 
April 1999. 

Network Group internet Report: An Examination of the NS/EP 
tmpiications of internet Technoiogies, June 1999. 

Protecting Systems Task Eorce Report on Enhancing the Nation’s 
Network Security Efforts, May 2000. 
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First Steps in identifying and Remediating Vuinerabiiities in 
Pervasive Software/Protocois, April 2003. 

Defining the Edge of the internet, June 2003. 

Operations, Administration, Maintenance, and 
Provisioning (OAM&P) Security Requirements for the 
Puhiic Teiecommunications Network: A Baseiine of Security 
Requirements for the Management Piane, August 2003. 
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Obtaining Critical 
Telecommunications Facility 
Protection During a Civil 
Disturbance 

Investigation Group / Period of Activity 

NS/EP Panel 

September 1993 - April 1994 

Issue Background 

The April 1992 civil disturbance in Los Angeles 
identified the need for standardized guidelines in 
requesting the protection of critical telecommunications 
facilities. In response to the problems noted, the NS/EP 
Panel met with California Stafe, Federal Government, 
and telecommunications industry representatives in 
San Francisco. The meeting participants generally 
agreed that emergency response personnel were not 
sufficiently prepared to respond to the crisis that 
overwhelmed local law enforcement and fire 
protection services. 

Telecommunications industry representatives 
discussed their difficulties in obtaining protection for 
their facilities, while other participants acknowledged 
they had been confused abouf whom to contact and 
who had authority during the widespread civil unrest. 
Because the President declared the crisis to be a 
Federal emergency, points of contact and authorities 
changed, causing some confusion. Participants 
raised this issue at the meeting and questioned how 
to obtain critical telecommunications facility 
protection during a Federal emergency. DOJ and 
Department of Defense (DOD) representatives 
briefed the panel on the roles of the DOJ, the 
National Guard, and active duty military personnel 
during national emergencies. 

As a result of the meeting, the NCC, working closely 
with the NS/EP Panel, agreed to develop guidelines 
to assist emergency planners during their 
preparations for and response to civil disturbances. 
The NS/EP Panel and the NCC developed the 
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document in close coordination with the California 
Office of Emergency Services and the California 
Ufilities Emergency Association. 

In May 1994, the NCC and the NS/EP Panel 
issued Guidelines for Obtaining Protection of Critical 
Telecommunications Facilities During Civil Disturbances. The 
document serves as a guide for telecommunications 
industry emergency planners when discussing their 
facility protection needs with local. State, and 
Federal authorities. 

On October 4, 1995, the NS/EP Panel conducted an 
industry/Government Critical Telecommunications 
Facilities Protection exercise simultaneously at three 
separate locations using video teleconferencing 
linking sifes in Arlington, Virginia; Oakland, 

California; and Los Angeles, California. The exercise 
provided an opportunify for key emergency response 
planners af the local. State, and national levels to 
develop working relationships, gain a better 
understanding of the many planning factors required 
by each participant, and define the critical steps in 
the protection process. 

Participants noted this exercise helped clarify the 
lines of communication when requesting protection 
from the city to county to State to national levels and 
helped clarify the various roles and responsibilities of 
fhe organizations involved. The activity also 
highlighted planning shortfalls thaf required 
correcfion to streamline the protection process. The 
NS/EP Panel identified two key issues for inclusion in 
fhe Guidelines for Obtaining Protection of Critical 
Telecommunications Facilities During Civil Disturbances 
document: (1) adding procedures for transitioning 
from Federal control back to State control and 
(2) discussing the legal aspects of federalized versus 
non-federalized troops. 

In an October 1996 conference call, parficipants of 
fhe industry/Government exercise discussed options 
for clarifying the federalization issues. The NS/EP 
Panel added new language to the document, 
indicating that both federalized and non-federalized 
National Guard troops, each with different chains of 
command, may participate in restoring and 
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maintaining iaw and order. In addition, the panel 
added a section authorizing the Secretary of Defense 
to determine when Federal military forces should 
withdraw from the disturbance area and when 
National Guard units would return to State control. 

Reports Issued 

Guidelines for Obtaining Protection of Critical Telecommunications 
Facilities During Civil Disturbances, May 1994. 

Protection of Critical Facilities Exercise, After-Action Report, 
December 1995. 
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Physical Security of the 
Telecommunications Network 

Investigation Group / Period of Activity 

Plans Working Group 

December 1990 - September 1991 

Vulnerabilities Task Force 

May 2002 - February 2003 

Trusted Access Task Force 

April 2003-April 2004 

Issue Background 

The United States Government recognizes the 
telecommunications sector as a critical component 
of national security and emergency preparedness 
(NS/EP) services and the potential for risk due 
to the growing reliance on the availability of 
telecommunications resources by the Government, 
other critical infrastructures, and the general public. 
Like all other critical infrastructures in the United 
States, the communications infrastructure remains 
vulnerable to physical attacks that could significantly 
damage a facility or free standing component of the 
network severely enough to interrupt service. 

History of NSTAC Actions and Recommendations 

On December 13, 1990, at NSTAC XII, an NSTAC 
Principal questioned the physical security of the 
public switched network, due to issues surfaced by a 
National Research Council report on the growing 
vulnerability of the Nation’s communications network. 
As a result, the NSTAC established and tasked the 
Plans Working Group (PWG) with investigating the 
committee's growing concerns related to physical 
security of the telecommunications infrastructure. 

In response, the PWG, in conjunction with the National 
Communications System (NCS) Office of the Joint 
Secretariat, prepared a physical security study that 
examined current industry/Government activities, 
including results from a quesfionnaire given to the 
National Coordinating Center’s industry representatives 
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on physical security policy, operational procedures, 
and methods. The study also documented past NCS 
efforts regarding physical security of NS/EP 
felecommunications facillfies, sites, and assets and 
relevant conclusions and recommendations of those 
past efforts. The study concluded that current 
Industry/Government activity and past NCS documents 
demonstrated industry and Government had made 
substantial progress in addressing the physical security 
of telecommunicafions facilities, sites, and assets. 
According to the study, physical security was well 
planned and managed in general. 

After reviewing the information in this study, the 
NSTAC concluded that the document required no 
further NSTAC action at that time. 

The NSTAC again addressed physical security 
concerns during the business and executive sessions 
of the NSTAC XXV Meeting, at which time the 
Principals again raised concerns related to the physical 
security of the telecommunications infrastructure in 
the wake of the attacks against the United States on 
September 11, 2001. As a result, the NSTAC chartered 
the Vulnerabilities Task Eorce (VTE) to examine 
possible risks associated with the concentration of 
critical telecommunications assets in telecom hotels 
and Internet peering points, as well as vulnerabilities 
Involving equipment chain of control and trusted 
access procedures to telecommunications facilities. 

The VTE concluded that, while the telecommunications 
infrastructure is inherently vulnerable to physical 
attack, the existence of mulfiple inferconnection 
facilities, such as telecom hotels, has helped to 
disperse telecommunications assets over numerous 
locations, thereby reducing service impacts caused by 
the loss of any one facility. The task force 
acknowledged that the physical destruction of 
individual critical telecommunications facilities could 
disrupt service at the local level and restrict access to 
the Infrastructure. Therefore, site by site mission 
critical risk analyses are the only way for organizations 
to identify possible vulnerabilities that could affect 
critical functions supporting those missions. 
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The VTF also addressed the Government’s concern that 
the telecommunications infrastructure may be especially 
vulnerable because trusted physical access is granted 
to individuals requiring entrance to sites where critical 
telecommunications assets are concentrated. During 
its deliberations, the task force stressed how the 
nationwide web of telecommunications assets has 
become far too extensive to ensure full access control to 
prevent tampering. While owners can secure critical 
sites and equipment to the extent possible with 
electronic locks, padlocks, fences, alarms, security 
cameras, and the like, access control remains an 
important issue because the loss of or damage to a site 
housing numerous critical telecommunications assets 
could have local or “last mile” impacts and adversely 
affect NS/EP services. Primary factors influencing the 
efficacy of access control procedures include individuals 
with malicious intent, the omnipresent insider threat, 
the lack of a standard personal identification and 
background check capabilities, and a lack of universally 
applied access control procedures and best practices. 

Furthermore, the VTF addressed chain of control 
issues regarding the security of products and services 
delivered to critical locations. The task force concluded 
that, although security will remain a priority, no policy 
actions are deemed necessary at this time. However, if 
networks become reliant on commodity equipment, this 
could become an issue for consideration. 

In response to the analysis conducted by the 
VTF, and to mitigate any risks associated with 
concentration of assets, such as telecom hotels, the 
NSTAC presented four consecutive reports to the 
President titled Chain of Control, Telecom Hotels, Trusted 
Access, and Internet Peering Security with specific 
recommendations on measures to be undertaken to 
secure the telecommunications industry. 

In direct response to the work delineated in the 
Trusted Access Report, the NSTAC established the 
Trusted Access Task Force (TATF) and charged it to 
examine how industry and the Government can work 
together to address concerns associated with 
implementing a national security background check 
program for access to key facilities. 
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In response to the NSTAC’s earlier findings in this 
area, the TATF further examined the concerns that the 
telecommunications infrastructure may be vulnerable 
because trusted physical access is granted to 
individuals who require entrance to sites where 
telecommunications assets are concentrated without 
ensuring that the individual does not pose a threat to 
the facility or infrastructure. The task force proposed 
that a national standard for personnel screenings 
using Federal databases, such as the program used 
by the Department of Homeland Security’s (DHS) 
Transportation Security Administration (TSA), may be 
beneficial for industry in mitigating threats to the 
telecommunications infrastructure. 

The TATF also examined the need for a standard, 
industry-wide, certificate-based picture identification 
(ID) card. The group noted that the creation of such a 
card would further solidify the security of the Nation’s 
telecommunications infrastructure, and also assist in 
the identification of those employees who have 
passed the national screening. In an emergency or 
crisis the credential will also expedite recovery efforts 
by helping to easily identify personnel who are 
needed at the site. 

During the May 2004 NSTAC XXVII Meeting, the 
Assistant Secretary for Infrastructure Protection, DHS, 
emphasized the importance of the group’s work and 
commented on the need for short-term initiatives that 
could be undertaken to increase security at numerous 
upcoming National Special Security Events (NSSE), and 
could also be used as the basis for long-term perimeter 
access guidelines. As a result, the TATF, with the 
assistance of the NCC’s Information Sharing and 
Analysis Center (ISAC) member companies, proposed 
the establishment of a pilot program to pre-screen, 
against Federal terrorist lists/Government databases, 
a small group of industry employees who may need 
access to physical sites or critical information 
concerning NSSEs and associated critical facilities. The 
TATF deemed the United States Secret Service (USSS) 
the most appropriate resource for conducting industry 
screenings on the specified personnel due to their role 
in planning NSSEs. The pilot screening program 
produced a list of key lessons learned, as well as several 
human resources concerns from industry. 
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Based on the TATF’s analysis the NSTAC 
recommended that the President direct the 
appropriate departments and agencies to: 

► Coordinate with industry to: 

• Implement and support a standardized 
screening process for industry to voluntarily 
conduct screenings on persons who have 
regular and continued unescorted access to 
critical telecommunications facilities 

{e.g., switching facilities), including 
telecommunications employees and vendors, 
suppliers, and contractor staff, including: 

- Modeling such a program after the current 
TSA program by including different relative 
background investigation levels for various 
facilities and personnel types; 

- Partnering with DFiS, through TSA, to upon 
request from industry, conduct screenings 
for industry personnel working at critical 
private telecommunications facilities; and 

- Working with NRIC to develop industry 
best practices defining specific criteria for 
determining which telecommunications 
employees should be subject to screenings. 

• Make available a standard “tamper-proof,” 
certificate-based picture identification 
technology to enable the positive identification 
of screened individuals at critical sites and to 
support both physical and logical access for 
such individuals to critical telecommunications 
facilities and the networks and information 
concerning them by building on the ongoing 
work of the General Services Administration’s 
Federal Identity Credentialing Committee. 

• Build on the recommendations in the NCC ISAC 
report. Preparing for a National Special Security Event, to 
develop a national plan for controlling access at 
the perimeter of an NSSE or a disaster area. To 
facilitate the development of a national perimeter 
access plan to be incorporated in the National 
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Response Plan, the Government should continue to 
support the screening program coordinated by 
the NCC ISAC with screenings facilitated by DFIS 
and the USSS. 

► Partner with the ISACs across infrastructures to 
implement screening, credentialing, and access 
control policies mirroring those recommended for 
the telecommunications infrastructure for all 
critical infrastructures. 

Actions Related to NSTAC Recommendations 

In accordance with the NSTAC’s recommendations and 
the NCC’s Preparing for a National Special Security Event Report, 
the Government implemented a pilot program to 
coordinate industry access for the 2005 Presidential 
Inauguration. In addition, in a related effort, the NCS 
developed in early 2006, in partnership with Federal, 
State, and local Government entities, as well as a private 
sector company, an access standard operating 
procedure (SOP) to ensure that private critical 
infrastructure responders have priority access to 
disaster areas. The access SOP has been adopted by 
the State of Georgia and is currently being used as an 
example for other States. 

In addition, the State of Georgia SOP has been 
distributed to a broader community, including the 
Flomeland Security Advisors and the National 
Association of Regulatory Commissioners. Currently, a 
number of State and local governments have begun 
developing procedures for granting access into disaster 
areas by private sector organizations. The NCC has 
received copies of these plans from several States and 
is currently working with the Federal Emergency 
Management Agency (EEMA) to identify other State 
plans. This is an iterative process that requires 
continuous interaction between Federal Government 
and various levels of regional and State municipalities. 
The NCS also sends representatives to quarterly 
Regional Interagency Steering Committee/meetings in 
the FEMA regions to complete a survey of the States on 
their credential programs and access SOPs. 
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Reports Issued 

lES Plans Working Group, A Review of Physical Security, 
September 1991. 

Vulnerabilities Task Force Report: Chain of Control, March 2003. 

Vulnerabilities Task Force Report: Telecom Hotels, March 2003. 

Vulnerabilities Task Force Report: Trusted Access, March 2003. 

Vulnerabilities Task Force Report: Internet Peering Security, 

April 2003. 

Trusted Access Task Force Report: Screening, Credentialing, and 
Perimeter Access Controls Report, January 2005. 
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Response to September 11,2001, 
Terrorist Attacks 

Investigation Group / Period of Activity 

September 11 “Lessons Learned” Ad Hoc Group 

October 2001 - December 2001 


Issue Background 

The terrorist attacks of September 11, 2001, 
required industry and Government to marshal 
resources at the national. State, and local levels to 
support response and recovery efforts. A critical part 
of those efforts was the restoration of emergency 
telecommunications services and the provisioning of 
communications to emergency response personnel. 
The National Communications System and the NCC, 
in partnership with NSTAC companies, played a 
major role in ensuring a quick response and recovery 
of telecommunications capabilities in the wake of the 
September 11th attacks. Subsequently, in response 
to a request from the Special Advisor to the President 
for Cyberspace Security, the NSTAC formed the 
September 11th “Lessons Learned” Ad Hoc Group to 
provide an industry perspective on lessons learned in 
responding to the September 11th tragic events. The 
NSTAC Chair discussed the ad hoc group’s analysis 
in its December 12, 2001, letter to the President. 

History of NSTAC Actions and Recommendations 

After identifying nearly 40 policy and operational 
lessons learned from the September 11, 2001, 
response, the ad hoc group narrowed its focus to the 
following issues: access procedures to disaster sites, 
communications procedures, and industry 
representation within the NCC. 

The major issue dealt with procedures for access to 
disaster sites affected by the attacks. Specifically, 
inconsistent access control procedures for moving 
telecommunications equipment and personnel into 
and out of the World Trade Center disaster area 
created confusion and presented obstacles for the 
telecommunications companies engaged in the 
restoration of the infrastructure. Procedures were 
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revised each time a new authority took responsibility 
for managing access to the disaster area. Depending 
on the phase of the response, local responders. State 
authorities, or Federal personnel were in control. The 
invocation of both crisis management, i.e. law 
enforcement officials treated the disaster area as on 
ongoing crime scene, and consequence 
management measures served to complicate the 
access control issue even further. 

Based on the ad hoc group's analysis, the NSTAC 
recommended that the President direct the 
appropriate departments and agencies to lead a 
national effort to examine remedies to perimeter 
access control issues. The NSTAC determined that 
these remedies should consider overlapping 
jurisdictions and result in consistent processes and 
procedures for incorporation into the Federal 
Response Plan and State and local emergency 
response plans. The objective was to ensure that any 
future national response efforts to unanticipated 
attacks would be fully planned and coordinated and 
consistently carried out without delay. 

Additionally, the ad hoc group addressed 
communications procedures during emergencies. The 
events of September 11, 2001, demonstrated the need 
for standard procedures to improve communications 
among decision makers, operational personnel, and 
other stakeholders during emergencies. Such 
procedures would have to take into account the severity 
of the emergency, the classification of the 
communications, the location of the communicators, 
and the telecommunications capabilities available, 
among other factors. The ad hoc group found that the 
requisite operational procedures were already 
developed and in place at the NCC, including 
procedures related to the NCC’s Telecom-1 SAC 
function. The NSTAC had consistently identified ISACs 
as the appropriate focal points for coordinating 
communications among industry players and between 
industry and Government in the new threat 
environment. Consequently, the ad hoc group 
concluded that the telecommunications industry should 
work through NCC representatives to address 
communications requirements during emergencies. 
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The ad hoc group also analyzed NCC industry 
representation. The group acknowledged that the 
NCC must maintain proper industry representation to 
meet operational challenges in the evolving threat 
and technology environments. In the aftermath of the 
September 11, 2001, attacks, the NS/EP community 
reaffirmed the critical role wireless communications 
plays in response to national emergencies. Similarly, 
Internet services were deemed to be increasingly 
important in disaster response and central to the 
mission-critical operations of business and 
Government agencies. Accordingly, the ad hoc group 
examined the mix of industry representation in the 
NCC and found that NCC members represented 

(1) the majority of the wireless carrier market share; 

(2) more than half of the Internet backbone provider 
market; and (3) a minority of the Internet access 
provider market. The ad hoc group concluded that 
augmenting Internet access provider membership in 
the NCC could help the NCC better address potential 
network security issues. Such issues included the 
threat of distributed denial of service attacks and 
software viruses launched by end users w'a dial-up 
connections to the network. 

As part of its lessons learned analysis, the ad hoc group 
reviewed previous NSTAC recommendations, 
recognizing that the NSTAC’s cumulative work could 
provide valuable information related to ensuring reliable 
infrastructure services and securing the Nation’s critical 
facilities. The group also recognized that the sharing of 
such information had gained new importance with the 
national focus on homeland security. Previous NSTAC 
studies selected for review by the group were in the 
areas of cellular priority access, energy service priority, 
protection of critical facilities, public network 
convergence and vulnerabilities, and national 
information sharing, analysis, and warning. The group 
concluded that such studies and associated 
recommendations could demonstrate best practices for 
use by other organizations concerned with the physical 
and cyber security of critical infrastructures supporting 
multiple sectors. 

Reports Issued 

NSTAC Letter to the President, December 17, 2001. 
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Termination of Cellular Networks 
During Emergency Situations 

Investigation Group / Period of Activity 

Cellular Service Shutdown Ad Hoc Working Group 

August 2005 - January 2006 

Issue Background 

As a direct result of the bombings that took place in 
the London transportation system in July 2005, U.S. 
authorities initiated the shut down of cellular network 
services in the Lincoln, Holland, Queens, and 
Brooklyn Battery Tunnels. The Federal Government 
based this precautionary measure on the suspicion 
that similar attacks might also be perpetrated In the 
tunnels leading to and from New York City. Though 
the decision was rooted in vital security concerns, the 
resulting situation, undertaken without prior notice to 
wireless carriers or the public, created disorder for 
both Government and the private sector at a time 
when use of fhe communications infrastructure was 
most needed. Shortly following these activities, the 
National Coordinating Center (NCC) hosted a 
teleconference to discuss the need to develop a 
process for determining if and when cellular 
shutdown activities should be undertaken in the 
future in light of the serious impact these efforts 
could have had, not only on access by the public to 
emergency communications services during these 
situations, but also on public trust in the 
communications infrastructure in general. 

History of NSTAC Actions and Recommendations 

These actions highlighted, within the President’s 
National Security Telecommunications Advisory 
Committee (NSTAC) community, the need for a process 
to ensure that future similar decisions meet the Nation's 
security goals and ensure the protection of critical 
infrastructures. Consequently, on August 18, 2005, the 
NSTAC established a Principal level task force fo 
formulate, on an expedited basis, recommendations to 
effect efficient coordinated action between industry and 
Government in times of national emergency. 
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To facilitate more coordinated action, the NSTAC 
recommended that the President direct his 
departments and agencies to: 

► Work to implement a simple process, building 
upon existing processes, with the Department of 
Homeland Security (DHS) and National 
Communications System (NCS) coordination 
enabling the Government to speak with one voice, 
provide decision makers with relevant Information, 
and provide wireless carriers with Government- 
authenticated decisions for implementation; and 

► Achieve rapid implementation through the 
Homeland Security Advisor of each State, in 
conjunction with the NCS and the Office of Sfate 
and Local Government Coordination, DHS. 

The group concluded its activities upon NSTAC 
approval of the Letter and recommendations in 
January 2006. 

Actions Resulting from NSTAC Recommendations 

In support of the recommendations, the NCS approved 
Standard Operating Procedure (SOP) 303, “Emergency 
Wireless Protocols (EWP),” on March 9, 2006, codifying 
a shutdown and restoration process for use by 
commercial and private wireless networks during 
national crises. Linder the process, the NCC will 
function as the focal point for coordinating any actions 
leading up to and following the termination of private 
wireless network connections, both within a localized 
area, such as a tunnel or bridge, and within an entire 
metropolitan area. The decision to shutdown service will 
be made by State Homeland Security Advisors, their 
designees, or representatives of the DHS Homeland 
Security Operations Center. Once the request has been 
made by these entities, the NCC will operate as an 
authenticating body, notifying the carriers in the affected 
area of the decision. The NCC will also ask the requestor 
a series of quesfions fo determine if fhe shufdown is a 
necessary action. After making the determination that 
the shutdown is no longer required, the NCC will initiate 
a similar process to reestablish service. The NCS 
continues to work with the Office of Stafe and Local 
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Government Coordination at DHS, and the Homeland 
Security Advisor for each State to initiate the rapid 
implementation of these procedures. 

The Government Emergency Telecommunications 
Service (GETS) and Wireless Priority Service (WPS) 
Program Management Office (PMO) has been 
assisting the NCC to develop an EWP training and 
awareness briefing. The GETS/WPS Regional 
Outreach Coordinators have been trained to deliver 
the EWP outreach to augment the NCC and industry 
efforts to make sure State and local entitles are 
aware of SOP 303. 

Reports Issued 

NSTAC Cellular Shutdown Letter to the President, January 2006 
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Telecommunications Industry 
Mobilization 

Investigation Group / Period of Activity 

Telecommunications Industry Mobilization (TIM) Task Force 

June 1985-June 1989 


Issue Background 

Recognizing the prominent role of the 
telecommunications industry in a national 
mobilization, the NSTAC formed the TIM Task Force 
and instructed it to develop an issue statement. 
Meanwhile, the OMNCS developed the NS/EP 
Telecommunications Plan of Action to implement relevant 
portions of E.O. 12472 and National Security 
Decision Directives 47 and 97. The plan, approved 
by the NCS Committee of Principals (COP) in 1985, 
included an action to provide Government leadership 
in telecommunications industry mobilization 
planning activities. 

In September 1985, the TIM Task Force identified the 
following mobilization subjects as needing further study: 

► Telecommunications service surge requirements; 

► Personnel issues; 

► Maintenance of stockpiles and Inventories; 

► Dependence on foreign sources; 

► Dependence on other infrastructure systems; 

► Industry and Government mobilization 
management structure; and 

► Jurisdictional issues. 

The TIM Task Force recommended a Industry and 
Government forum be established to assess the 
seven TIM subject areas. In December 1985, 
industry and Government concurred with the 
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formation of the Joint Industry/Government TIM 
Group, which began addressing TIM subjects on 
January 29, 1986. 

History of NSTAC Actions and Recommendations 

The NSTAC approved and forwarded to the President 
the Joint TIM Group’s reports, Personnel Issues and 
Dependence on Foreign Sources, on Novembers, 1987, 
and approved and forwarded to the President the 
reports. Government and Industry Mobilization Management 
Structure and Maintenance of Stockpiles and Inventories on 
September 22, 1988. 

On June 8, 1989, the NSTAC approved and 
forwarded to the President the Joint TIM Group’s 
final reports on Telecommunications Service Surge 
Requirements, Dependence on other Infrastructure Systems, 
and Jurisdictional Issues, a final report with overall 
recommendations on telecommunications industry 
mobilization. The NSTAC then disbanded the Joint 
TIM Group. 

Actions Resulting from NSTAC Recommendations 

The original Energy Task Eorce further defined the 
TIM recommendations on energy Issues, Including 
underground storage tank regulations. 

The National Security Council and the Executive Office 
of the President initiated a review of overall national 
security mobilization preparedness. The Eederal 
Emergency Management Agency implemented several 
TIM recommendations as part of the Graduated 
Mobilization Response Plan. The OM NCS Office of the Joint 
Secretariat developed a plan of action. Involving all NCS 
member organizations, designed to track 
Implementation of the TIM recommendations. The 
plan included identification of task responsibilities, a 
time-phased work plan, and a schedule of status 
reports. The Baseline Mobilization program involved 
assigning “lead” organizations to follow up and take 
actions necessary to implement each TIM 
recommendation during a 3-year period, with 36 tasks 
distributed among the NCS member organizations. 

In September 1993, the OMNCS Office of the Joint 
Secretariat Issued Its Final Report on TIM Recommendations. 
The report presented the actions taken by various NCS 
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member agencies on 11 recommendations having a 
significant and immediate effect on NS/EP 
telecommunications. The remaining 25 
recommendations, while of considerable importance, 
were of somewhat lesser significance relative to their 
immediate Impact on NS/EP telecommunications. The 
telecommunications industry had substantially 
implemented those recommendations and the report 
addressed them. The OMNCS believed that the 
agencies assigned to implement the recommendations 
had responded favorably, and that the TIM program 
could be considered a success. The OMNCS also 
believed that further formal monitoring of the TIM 
program was not necessary. 

Reports Issued 

Volume I, TIM Issue Statement, September 5,1985. 

Volume II, Background and Supporting Material, September 5,1985. 

Personnel Issues, September 1987. 

Dependence on Foreign Sources, October 1987. 

Government and Industry Mobilization Management Structure, 
June 1988. 

Maintenance of Stockpiles and Inventories, June 1988. 
Telecommunications Service Surge Requirements, January 1989. 
Dependence on Other Infrastructure Systems, April 1989. 
Assessment of TIM Capabilities (V. I), April 1989. 

TIM Subject Reports (V. II), April 1989. 

Jurisdictional Issues, April 1989. 

Exercise Participation, April 1989. 

Final Report on TIM Recommendations, September 1993. 
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Telecommunications 
Service Priority 

Investigation Group / Period of Activity 

Telecommunications Service Priority (TSP) Task Force 

December 1984 - December 1990 


Issue Background 

In December 1984, the NSTAC identified TSP as an 
urgent issue because of fhe need for a system that 
authorized both priority provisioning and restoration of 
NS/EP services for Federai, State, and iocai 
governments and private users. The TSP System 
replaced the Restoration Priority (RP) System, which 
covered only the restoration of Federal Government, 
inter-city, and private lines. The NSTAC lES established 
the TSP Task Force on February 21, 1985, to advise 
and assist the OMNCS in developing the TSP System, 
specifically regarding provisioning, restoration, 
maintenance, legal, and regulatory issues. 

History of NSTAC Actions and Recommendations 

The task force worked closely with the OMNCS in the 
development of the TSP System and provided 
assistance with its implementation. Specifically, the 
task force had a significant advisory role in creating 
the Petition for Rulemaking and Proposed Federal 
Communications Commission (FCC) Rules for the TSP 
System. The task force also assisted the TSP 
Program Office in establishing the initial TSP System 
Oversight Committee charter. The NCS Council of 
Representatives (COR) TSP Subcommittee and the 
TSP Task Force drafted and approved the charter in 
February 1990, and the DOD and the General 
Services Administration (GSA) approved the charter 
in November 1990. Subsequently, adoption of an 
amendment occurred in April 1991. 

The task force had a role in both the creation of the 
TSP Oversight Committee and the selection of 
Oversight Committee members. During the week of 
September 28 through October 3, 1987, the TSP 
Task Force and NCS COR met and discussed the 
operational framework for the TSP System, including 


2006-2007 NSTAC Issue Review ► PREVIOUSLY ADDRESSED ISSUES 


the establishment of the TSP Oversight Committee. 
On March 29, 1990, the TSP Task Force 
recommended that the Manager, NCS, appoint the 
following initial members to the TSP Oversight 
Committee: AT&T, Contel, McCaw Cellular, MCI, 
Bellcore, Sprint, GTE, State of California, State of 
South Carolina, Department of Transportation, 

Federal Emergency Management Agency, DOD, 

GSA, Department of Energy, Department of 
Commerce, National Telecommunications and 
Information Administration, and the FCC. The NSTAC 
approved the membership list and delegated future 
industry TSP Oversight Committee membership 
nominating authority to the lES. 

Additionally, the task force assisted in developing 
the documentation that made the TSP System 
operational. The task force helped create the TSP 
Service Vendor Handbook, which provides operational 
details of the TSP System that service vendors will 
use as guidance for implementation and operation 
of TSP. The task force developed the TSP Information 
Guide, a TSP primer for small telephone companies, 
published by the United States Telephone 
Association in December 1989. Furthermore, the 
task force had a significant advisory role in creating 
NCS issuances on TSP procedures. Specifically, the 
task force helped develop NCS Directive 3-1, which 
clarified the responsibilities of and procedures for 
all TSP System entities. The task force also assisted 
in the development of the TSP Service User Manual, 
which provided a set of guidelines for all users of 
the TSP System. 

The task force presented its final report at NSTAC XII in 
December 1990, including a recommendation to the 
President, which stated that the Federal Government 
should continue to support and administer the TSP 
System, as defined in NCS Directive 3-1. 

Actions Resulting from NSTAC Recommendations 

TSP System implementation began on 
September 10, 1990. The implementation plan 
included a 2.5-year period for transition from the RP 
to the TSP System. The TSP System became fully 
operational on March 9, 1993. 


147 


PREVIOUSLY ADDRESSED ISSUES ◄ 2006-2007 NSTAC Issue Review 


The President’s National Security Telecommunications Advisory Committee 


Today, the TSP Oversight Committee continues to meet 
on a biannual basis. Likewise, the OMNCS continues 
to provide the operational support for the TSP System. 

Reports Issued 

TSP Information Guide, December 1989 (published for the TSP 
Task Force by the U.S. Telephone Association, now the U.S. 
Telecom Association). 

TSP Service Vendor Handbook (NCSH 3-1-2), July 1990. 

Final Report of the TSP Task Force, September 1990. 
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Telecommunications Service 
Priority Carrier Liability 

Investigation Group / Period of Activity 

Industry Executive Subcommittee (lES) 

Funding and Regulatory Working Group (FRWG) 

November 16,1990-January 31,1991 


Issue Background 

The Federal Communications Commission 
Telecommunications Service Priority (TSP) Report and Order 
authorizes telecommunications carriers to install or 
restore NS/EP telecommunications on a priority 
basis over services that do not serve NS/EP 
requirements. The FRWG reviewed this issue to 
further define the protection against liability offered 
by the TSP Report and Order. One area of concern 
identified by the working group was 911 service. 

The working group concurred that the TSP Report and 
Order ottered adequate protection to carriers. The 
FRWG also observed that services provided under 
contract rather than through tariffs may not be 
protected by the TSP Report and Order \ar\guage. The 
FRWG reached the following conclusions: 

► The TSP Report and Order ottered sufficient protection 
against liability charges arising from the disruption 
of non-NS/EP user tariffed services; 

► The TSP Report and Order had not fully defined the 
legal ramifications of preempting a contracted 
versus a tariffed service; and 

► Carriers should develop internal policies for 
preempting non-NS/EP users. 

On March 15, 1991, the FRWG reported its 
findings to the lES. The lES concurred with the 
FRWG’s findings. 
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Telecommunications Systems 
Survivability 

Investigation Grou[i / Period of Activity 

Telecommunications Systems Survivability (TSS) Task Force 

March 1986 -June 1989 


Issue Background 

The NSTAC developed the TSS issue in 
December 1982 to address all aspects of the 
telecommunications survivability question. The 
Commercial Satellite Survivability (CSS) and 
Commercial Network Survivability (CNS) issues 
evolved from the NSTAC’s initial focus on TSS. On 
March 6, 1986, the NSTAC lES established the TSS 
Task Force and directed it to determine whether 
NSTAC recommendations had inconsistencies, 
whether the recommendations met the Government's 
NS/EP telecommunications policy requirements, and 
whether the Government effectively responded to the 
recommendations. In early 1987, the NSTAC 
charged the TSS Task Force to assess the impact of 
new technologies on telecommunications 
survivability. 

The TSS Task Force concluded that no serious 
inconsistencies or gaps existed among NSTAC 
recommendations and the recommendations 
sufficiently met the Government’s NS/EP 
telecommunications policy objectives. The NSTAC 
forwarded to the President the TSS Task Force 
recommendation to initiate a study to identity options 
for ensuring survivable electric power. The TSS Task 
Force completed reports on Government actions taken 
in response to NSTAC recommendations from the CNS, 
CSS, and Electromagnetic Pulse Task Forces, and 
submitted them to the NSTAC on November 6, 1987. 
The task force submitted similar reports on automated 
information processing and the National Coordinating 
Mechanism to NSTAC IX on September 22, 1988. The 
NSTAC approved these reports and forwarded them to 
the President on the respective dates. The TSS Task 
Force also completed an assessment of the applicability 
of network management technology to NS/EP 
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telecommunications survivability, which the NSTAC 
forwarded to the President on September 22, 1988. 

The TSS Task Force assisted the OMNCS in developing 
the Federal Government’s policy on essential line 
service (ELS). 

On June 8, 1989, the NSTAC approved the TSS Task 
Force’s final report and disbanded the task force. 

The NSTAC also directed the lES to proceed with the 
study of intelligent networks and virtual networks 
usefulness for enhancing network survivability, which 
the TSS Task Force initiated, pending review of the 
issue by the lES Plans Working Group (PWG). 

History of NSTAC Actions and Recommendations 

The NSTAC approved the TSS Task Force’s final report 
and disbanded the task force on June 8, 1989. 

Actions Resulting from NSTAC Recommendations 

The TSS Task Force’s electric power recommendations 
led to the establishment of the original Energy Task 
Force, and the intelligent networks study led to the 
establishment of the Intelligent Networks Task Force. 
The lES, through the OWG NS/EP Panel, provides a 
continuing evaluation of the overall progress and 
direction of TSS. The NS/EP Panel identifies any new 
concerns relating to TSS, advises the OWG of areas 
requiring NSTAC or NCS actions or study, monitors the 
status of general survivability of telecommunications 
systems, and reports periodically on the status of TSS 
to the OWG. 

As part of the CNS program, the OMNCS Office of 
Plans and Programs monitored network management 
developments, including local exchange carrier 
network management capabilities. In addition, 
members assigned to the OMNCS Office of 
Technology and Standards Network Management 
and Technology Planning task assessed the effects of 
congestion on NS/EP telecommunications and how 
expert systems could improve network management 
for NS/EP telecommunications. The NCS continued 
to encourage compliance with NCS Notice 3-0-1, 
NS/EP ELS, which recommended that Federal 
departments and agencies having NS/EP 
telecommunications missions consider obtaining ELS 
to increase their probability of obtaining a timely dial 
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tone. The Department of Energy was directed to 
implement several Energy Task Eorce 
recommendations. 

Reports Issued 

TSS: Industry Responses to May 13,1983 Questionnaire, 
September 1983. 

TSS Task Force-Subgroup 1 Review, September 1986. 

TSS Task Force-Review of Power, September 1986. 

TSS Task Force-Review of Security, September 1986. 

TSS Network Management Report, June 21,1988. 

TSS Review of Government Actions in Response to 
NSTAC-Recommended Initiatives, June 21,1988. 

TSS Electric Power Survivability Status Report, August 9,1988. 

TSS Task Force Final Report: Telecommunications System 
Survivability-Assessment and Future Directions, May 2,1989. 
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Underground Storage Tanks 

Investigation Group / Period of Activity 

Industry Executive Subcommittee Funding and Regulatory 
Working Group (FRWG) 

April 1990-March 1991 

Issue Background 

In 1988, the Energy Task Force voiced concerns 
that the Environmental Protection Agency (EPA) 
regulations on underground fuel storage tanks would 
encourage telecommunications carriers to reduce 
the amount of fuel available for fheir backup 
generators. The EPA regulations (40 Code of Federal 
Regulations Part 280), originally proposed in April 
1987, included standards for maintaining fhe 
integrity of the tank, protecting against spill and 
overfill, and detecting leaks. The telecommunications 
industry modified or replaced several thousand 
underground storage tanks (LIST) pursuant to these 
regulations and added detection monitoring systems. 

The Energy Task Force considered the implications 
of the regulations and concluded that if fhe 
telecommunicafions industry complied with the new 
EPA regulations, the public switched network might 
not have enough backup fuel storage capacity in all 
locations to operate through normal power outages. 
The Energy Task Force recommended that the 
Government grant a national security waiver from 
those parts of the regulations that affected NS/EP 
telecommunications providers. 

The FRWG received briefings from the EPA and 
support staff on EPA LIST regulations. The FRWG 
also investigated LIST regulations at the Federal, 
State, and local levels. The group also surveyed 
several local exchange carriers and interexchange 
carriers to determine LIST policies and procedures. 
The survey revealed that industry was reviewing the 
LIST requirements as a result of fhe EPA regulafions, 
and fhat companies used several criteria when 
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developing LIST requirements. The FRWG developed 
a paper outlining the LIST issue and recommended 
the following: 

► A waiver of EPA LIST regulations should not be 
pursued. The waiver would not make a significant 
contribution to meeting Government backup 
power needs because companies were already 
pursuing their own LIST programs. State and local 
regulations would be addressed regardless of any 
Federal waiver, and telecommunicafions 
companies would probably not use Federal 
waivers unless mandated by the Government. 

The FRWG supported the implementation of an 
Energy Task Force recommendation: 

► Government should specify an NS/EP backup fuel 
requirement in cooperation with industry. 

Actions Resulting from NSTAC Recommendations 

At the December 12, 1990, NSTAC XII Meeting, 
members agreed with the recommendation not to 
pursue a waiver of EPA LIST regulafions. 

Reports Issued 

Energy Task Force Final Report, February 1990. 
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Wireless Security 

Investigation Group / Period of Activity 

Wireless Task Force (WTF) 

April 2002 - January 2003 

Issue Background 

Numerous wireless technologies are being used with 
greater regularity to transmit voice, data, and video in 
support of NS/EP operations. However, there are 
increasing concerns that wireless communications 
could expose NS/EP users to new security threats 
and vulnerabilities. As such, the NS/EP community 
needs to understand its security requirements and 
identify potenfial wireless vulnerabilities. 

Challenges exist at many levels, including product 
design, wireless standards, and wireless/Internet 
convergence. First, the wide use of commercial 
off-fhe-shelf products and legacy equipment by the 
NS/EP community is an important consideration 
because these devices and equipment were not 
designed with NS/EP security requirements in mind 
and sometimes without security features at all. 
Second, interoperability issues arise from fhe 
implementation of different security models and 
standards—for instance, there are several 
conflicting policies either established or in 
development, designed to inhibit or prohibit the use 
of particular wireless capabilities and connectivity to 
classified nefworks and computers. Third, the 
extension of fhe Internet into the wireless domain 
adds new security challenges. 

At the NSTAC XXV Meeting held on March 13, 2002, 
participants discussed the topic of security 
vulnerabilities in wireless communications devices 
and networks. Since subscribers use wireless 
technologies to transmit voice, data, and video in 
support of NS/EP operations, meeting participants 
agreed that the NS/EP community needed to identify 
its security requirements and understand potential 
wireless vulnerabilities. After an initial scoping of 
wireless security and other related wireless issues. 
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the NSTAC lES formed fhe WTF at its April 18, 2002, 
meeting. The lES tasked the WTF to determine how 
the NS/EP user can operate in a secure environment 
and to provide conclusions and recommendations to 
the President regarding wireless security. 

History of NSTAC Actions and Recommendations 

To adequately discuss these subjects and 
formulate actionable recommendations designed 
to help offset wireless threats and vulnerabilities, 
the WTF agreed to: (1) define the terms “wireless" 
and “wireless security;” (2) identify NS/EP wireless 
users’ unique requirements; (3) compile a list of 
wireless vulnerabilities and threats; and (4) where 
known, identify mitigation approaches to address 
wireless vulnerabilities and threats. The task force 
used the expertise of subject matter experts from 
NSTAC member companies, as well as ofher 
informafion technology companies, industry 
associations, and Government participants, 
throughout its study of wireless security. 

After defining NS/EP user requirements, the task 
force identified advantages to using wireless systems 
for NS/EP communicafions, as well as vulnerabilities 
and threats that must be addressed before using 
wireless capabilities for mission-critical NS/EP 
communications. The WTF’s findings concurred wifh 
other prevalent studies, which determined that any 
vulnerabilities that exist in conventional wired and 
computer communications and networks are 
applicable to wireless technologies. 

The WTF concluded that there is a range of wireless 
security, which varies from effective, practical 
security on the commercial wireless networks, to 
significantly less security on the public wireless 
networks. As such, an NS/EP agency must ensure 
that its NS/EP communications are secured 
appropriately for its mission. The WTF also agreed 
that the extent to which these vulnerabilities have 
been or can be addressed would be a function of the 
degree to which organizations with experience in 
security issues manage the network. 
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The WTF concluded its analysis of wireless security in 
January 2003 and presented its findings in its WTF 
Report on Wireless Security. The task force found that 
wireless security challenges exist at many levels, 
including product design, wireless standards, and 
wireless/Internet convergence. Based on its analysis of 
issues related to wireless security, the NSTAC offered 
the following recommendations to the President: 

► Direct Federal departments and agencies to 
construct mitigation and alleviation policies 
regarding wireless vulnerabilities and further 
consider the applicability of the recent wireless 
security policies of the NIST and the Department of 
Defense to all Federal departments and agencies; 

► Direct Government chief information officers to 
immediately emphasize enterprise management 
controls, with respect to wireless devices, to 
ensure that appropriate security controls are 
implemented, given that the banning of wireless 
devices is counterproductive and ignores the 
efficiency that such devices brings to users; 

► Direct Federal departments and agencies to work 
in concert with industry to develop security 
principles and to resolve security-related 
deficiencies in wireless devices when employed 
by NS/EP users; 

► Direct Federal departments and agencies using 
wireless communications to address wireless 
security threats and vulnerabilities, and to 
consider the end-to-end security of their 
respective communications and information 
system capabilities; 

► Direct Federal departments and agencies using 
wireless communications to purchase and 
implement fully tested and compliant secure 
wireless products and services; 

► Direct appropriate staff to advocate funding 
initiatives for replacing non-secure analog with 
secure digital NS/EP equipment and systems; 
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► Direct Eederal departments and agencies using 
microwave communications facilities to address 
unprotected link security vulnerabilities. In 
addition, advise State and local Governments 
and other critical infrastructure providers of the 
vulnerability of unprotected microwave 
communications as part of the homeland 
security initiative; and 

► Establish policies regarding the public availability 
and dissemination of Eederal critical infrastructure 
information (such as the policies on Internet 
availability of the ECC and the Eederal Aviation 
Administration databases of tower locations). 

At a December 2, 2002, lES Meeting briefing, the 
Chair of the President’s Critical Infrastructure 
Protection Board requested that the WTE consider 
examining the security of Internet-enabled wireless 
communications devices and the efficacy of installing 
anti-virus software for wireless telephones, since such 
devices are becoming increasingly more integrated 
with computing functions. In response to the 
Administration’s request, the WTF scoped the issue. 

The WTF reported a number of observations on the 
security of Internet-enabled wireless devices in its 
Wireless Task Force Findings: Security of Internet-Enabled 
Wireless Devices, January 2003. The task force agreed 
that it is a serious issue, which is not limited exclusively 
to “wireless” or “third generation” wireless devices, 
because any device connected to the Internet can be 
attacked. The WTF concluded that although the 
tasking referenced wireless specifically, the NSTAC has 
already studied the larger issue as it relates to the 
convergence of telecommunications networks and the 
Internet. The complete findings based on the task 
force’s initial scoping were forwarded to NSTAC 
stakeholders for review. 

The WTF concluded its activities upon NSTAC 
approval of its reports and finalization of its findings 
on the security of Internet-enabled wireless devices. 
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Actions Resulting from NSTAC Recommendations 

NSTAC wireless security recommendations were 
formed after considerable collaboration with experts 
from industry and the Government. The 
recommendations were provided to and well 
received by other technical and policy advisory 
groups. For example, the Network Reliability and 
Interoperability Council (NRIC) VI, which assures 
homeland security, optimal reliability, 
interoperability, and interconnectivity of, and 
accessibility to, the public telecommunications 
networks, maintained close coordination with 
NSTAC efforts and recommendations. NRIC’s best 
practices and recommendations complemented 
NSTAC findings regarding wireless security 
principles and the resolution of security-related 
deficiencies in wireless devices. 

Reports Issued 

Wireless Task Force Report: Wireless Security, January 2003. 

Wireless Task Force Findings: Security of Internet-Enabled 
Wireless Devices, January 2003. 
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Wireless Services 
(Including Priority Services) 

Investigation Group / Period of Activity 

Wireless/Low-Bit-Rate Digital Services Task Force (W/L6RDSTF) 

March 1991 - October 1991 

Wireless Services Task Force (WSTF) 

December 1991 - September 1995 

Legislative and Regulatory Task Force (LRTF) 

February 2001 - Present 

Wireless Task Force (WTF) 

April 2002 - January 2003 

Issue Background 

At its March 15, 1991, meeting, the President’s 
National Security Telecommunications Advisory 
Committee’s (NSTAC) Industry Executive Subcommittee 
(lES) established the Wireless/Low-Bit-Rate Digital 
Services Task Eorce (W/LBRDSTE) to address Office of 
the Manager, National Communications System 
(OMNCS) concerns about the possible adverse effects 
of developments In the rapidly evolving wireless 
telecommunications sector that would impact the 
public switched network’s ability to handle secure voice 
and data communications. The OMNCS recommended 
that the task force’s charge be to: (1) define the scope 
of the issues regarding wireless services, and (2) advise 
the Government on how to minimize any adverse 
effects of emerging digital mobile communications 
standards and technologies on mobile national security 
and emergency preparedness (NS/EP) users. 

On Octobers, 1991, in its final NSTAC XIII report, 
the W/LBRDSTE concluded that no Government 
organization existed for defining NS/EP 
requirements for wireless digital communications. 

In addition, the task force determined that 
compatibility problems existed between certain 
existing and developing voice/data devices (for 
example, secure telephone unit [STU]-III analog) 
and the emerging digital wireless network. Based on 
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the task force’s report, the NSTAC recommended 
that the Government determine the appropriate 
organization to address and monitor wireless digital 
Interface issues. Accordingly, the Government 
tasked the OMNCS Wireless Services Program 
Office (WSPO) with the responsibility. 

In December 1991, following the establishment of 
the WSPO, the lES approved the establishment of a 
follow-on Wireless Services Task Eorce (WSTE). The 
lES tasked the WSTF to provide an industry 
perspective to the WSPO and to assist in developing 
a plan of action for addressing NS/EP wireless 
Issues. This included Identifying Government 
requirements and developing a white paper to 
support standards activities. The lES also instructed 
the task force to continue its investigation into 
wireless services supporting NS/EP. To that end, the 
task force surveyed the evolving wireless services 
environment and identified and assessed candidate 
solutions that would ensure Interoperability and 
connectivity among wireless services and between 
wireless and non-wireless systems. The WSTF, in 
conjunction with the OMNCS WSPO and the Federal 
Wireless Users Forum, addressed methods for 
incorporating priority access into wireless systems for 
NS/EP use. In addition, they determined the potential 
for emerging wireless technologies to complement 
existing communications support in the Federal 
Response Plan (FRP) Emergency Support Function 
(ESF) #2 (Communications). 

The WSTF established the Cellular Priority Access 
Services (CPAS) subgroup in July 1994 to investigate 
technical, administrative, and regulatory issues 
associated with the deployment of a nationwide 
priority access capability for NS/EP cellular users. 

On March 2, 1995, the lES instructed the WSTF to 
determine the NS/EP implications of, and scope the 
future task force involvement in, wireless 
technologies. These technologies include land 
mobile radio/speciallzed mobile radio, mobile satellite 
services, personal communications services, and 
mobile wireless access to data networks. 
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At its September 22, 1995, meeting, the lES placed 
the WSTF on standby status until needed by the 
Government. At that meeting, the lES also voted to 
place the CPAS subgroup under the direction of the 
NS/EP group. Since then, the subgroup has 
assisted in developing CPAS forms and a manual 
for the administration of CPAS. Additionally, the 
subgroup monitored the development and 
modifications of standards and regulatory issues 
relevant to CPAS, which is now referred to as 
Wireless Priority Service (WPS). 

The NSTAC revisited WPS issues during the NSTAC 
XXVI cycle (March 2002-April 2003). After scoping 
current wireless Issues related to NS/EP users, the 
lES formed the Wireless Task Force (WTF) to study 
issues relating to the ubiquitous rollout of WPS at its 
April 18, 2002, meeting. In addition to analyzing the 
impediments to the ubiquitous rollout of WPS, the 
lES detailed the task force to study how WPS can be 
promoted publicly and explore non-device specific 
and secure solutions for deploying WPS. 

History of NSTAC Actions and Recommendations 

At the October 3, 1991, NSTAC XIII Meeting, the 
NSTAC approved the following W/LBRDSTF 
recommendations to the President: 

► The Government should establish a focal point, 
supported by the National Security Agency (NSA) 
and the National Institute of Standards and 
Technology (NIST), to address and monitor 
wireless digital Interface Issues; and 

► The Government should formulate policies at a high 
level to ensure that all wireless digital service 
acquisition activities take NS/EP needs into account. 

The NSTAC reconvened the task force following the 
establishment of the WSPO. 

At the March 4, 1994, NSTAC XVI Meeting, the 
NSTAC approved the WSTF report and forwarded 
recommendations to the Government on pursuing 
implementation of a single, nationwide priority 
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access capability for NS/EP users and expanding the 
FRP ESF#2 planning process to make more effective 
use of wireless technologies and services. 

At the NSTAC XVII Meeting, held on January 12, 1995, 
the task force reported on Its activities in the areas of 
wireless interoperability and cellular priority access. 

At the NSTAC XVIII Meeting, the WSTF presented Its 
task force report and recommendations on the NS/EP 
Implications of land mobile radio/specialized mobile 
radio, mobile satellite services, personal 
communications services, and wireless data to the 
President. The report had several recommendations 
related to the Government continuing to actively exploit 
emerging technologies in support of NS/EP activities by 
working at the international, Federal, State, and local 
levels In defining wireless requirements. 

Additionally, the subgroup submitted the Cellular 
Priority Access Services Subgroup Report, which 
recommended the Government continue to gain a 
consensus on CPAS regulatory, administrative, and 
technical issues to finalize a comprehensive CPAS 
implementation strategy. 

At the NSTAC XXV Executive Breakfast on 
March 13, 2002, Senator Robert Bennett (R-UT) 
requested that the NSTAC revisit the issue of WPS 
and further examine obstacles to the ubiquitous 
rollout of WPS. In response to this charge, the 
NSTAC tasked the WTF with assessing the issues 
related to the ubiquitous deployment of WPS. The 
WTF closely monitored the deployment of WPS, 
noting that the ubiquitous deployment of the 
program had not been achieved for a variety of 
operational, technical, funding, and regulatory 
reasons. WTF members agreed that the ubiquitous, 
nationwide deployment of WPS would be achieved 
through the inclusion of all wireless technologies In 
the solution set, satellite back-up capabilities, and 
the participation of large and small wireless carriers. 
Members also cited inadequate Government funding, 
lack of liability protection for carriers, and 
technological limitations as additional impediments 
to the ubiquitous rollout of WPS. Lastly, the WTF 
determined the need for an effective WPS outreach 
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campaign to State and local Governments, smaller 
wireless carriers, private sector critical infrastructure 
protection providers, and the general public. 
Providing these entities with timely and accurate 
information would dispel misconceptions regarding 
the WPS program and facilitate the inclusion of WPS 
in various NS/EP homeland security, contingency, 
and disaster recovery plans. 

As a result of this analysis, the NSTAC offered the 
following recommendations to the President: 

► Encourage the development of WPS solutions for 
all wireless technologies {e.g., cellular/personal 
communications service, third generation 
networks, paging, and other wireless data 
services) to maximize WPS coverage, increase 
ubiquity, and give NS/EP users the flexibility to 
handle a variety of emergencies and disasters; 

► Reaffirm that the Eederal Communications 
Commission’s (ECC) Second Report and Order 
(R&O) on Priority Access Service (PAS) does extend 
liability protection to wireless priority solution 
providers equivalent to liability protection found in 
wireline priority communications programs; 

► Encourage and support adequate funding for the 
development and deployment of a multi-technology 
and multi-carrier WPS program, including a satellite 
backup capability to continue through WPS full 
operational capability and later generations and 
integration with the Government Emergency 
Telecommunications Service (GETS); 

► Direct the appropriate departments and agencies 
to conduct outreach and educational campaigns 
regarding WPS and its role in homeland security, 
specifically targeting: 

• State and local Governments—Emphasizing 
the role of WPS in homeland security and the 
importance of expediting zoning and siting 
requests from wireless carriers, including the 
use of Government sites and buildings, to 
increase WPS coverage and ubiquity 
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• Smaller carriers—Educating them on WPS and 
encouraging their involvement in the program 

• Private sector critical infrastructure 
providers—Facilitating greater awareness of 
the WPS program and enabling improved 
contingency and disaster recovery programs 

• The general public—Detailing the benefits WPS 
provides for public safety and homeland security 

► Direct the National Communications System (NCS), 
Government agencies and departments, and 
organizations with NS/EP missions to implement 
proactive policies regarding the implementation and 
use of the WPS program, including: 

• Stockpiling WPS-enabled phones for large-scale 
distribution to NS/EP users during emergencies 

• Monitoring WPS usage following distribution 
of WPS handsets to protect against fraud 
and abuse 

• Developing a WPS directory assistance 
function, enabling NS/EP users to locate one 
another during emergencies 

► Direct the NCS and Government agencies and 
departments involved in WPS planning and 
program management to address the technical 
limitations of wireless and other network 
technologies that may have a negative impact on 
the assurance, reliability, and availability of an 
end-to-end WPS solution. These limitations 
include but are not limited to: 

• Insufficient commercial capacity available to 
support NS/EP users 

• Technical infeasibility of offering wireless 
priority at the network egress within the initial 
operating capability time frame 

• Processing limitations of Signaling System 7 
(SS7) during periods of congestion 
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• Security vulnerabilities resulting trom the 
convergence ot voice and data networks and 
the SS7 

• Challenges associated with the integration ot 
GETS with WPS. 

In addition, the WTF worked jointly with the 
Legislative and Regulatory Task Force (LRTF) to 
assess the legal and regulatory concerns with WPS 
during the NSTAC XXVI cycle. Specitically, they 
addressed whether the FCC should revise the 
Second R&O for PAS. The NSTAC reviewed the R&O 
and, on January 22, 2003, sent a letter to the 
President offering recommendations on PAS. In the 
letter, the NSTAC commended the FCC for adopting 
a Second R&O for PAS, which indicates that carriers 
providing PAS shall have liability immunity from 
Section 202 of the Communications Act; states that 
the FCC and the National Telecommunications and 
Information Administration (NTIA) should accelerate 
on-going efforts to improve interoperability between 
Federal, State, and local public safety 
communications agencies; and encourages the 
Administration to support full and adequate Federal 
funding for PAS. 

Actions Resulting from NSTAC Recommendations 

A Memorandum of Understanding established the 
WSPO as the Government focal point within the 
OMNCS Technology and Standards Division (now the 
OMNCS Technology and Programs Division), with 
full-time participation from NSA and NIST. 

On October 19, 1995, the OMNCS, through the 
WSPO, submitted a CPAS Petition for Rulemaking to 
the FCC to authorize the nationwide CPAS service. 
After two years of soliciting comments from industry 
on the CPAS Petition for Rulemaking, the FCC 
adopted the First R&O for PAS on August 6, 1998. 

The OMNCS worked on CPAS implementation 
through four parallel approaches: modifying cellular 
standards to incorporate CPAS, encouraging the FCC 
to issue CPAS rules, developing CPAS administrative 
processes, and stimulating competitive interests of 
service providers to implement the CPAS capability. 
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On July 3, 2000, the FCC adopted the Second R&O 
for PAS, establishing the regulatory, administrative, 
and operational framework enabling commercial 
mobile radio service providers to offer WPS to NS/EP 
personnel. The R&O also provided WPS priority 
levels and qualifying criteria to be used as the basis 
for all WPS assignments. In their rulemaking, the 
FCC determined that: (1) WPS was in the public 
interest; (2) WPS offering should be voluntary; 

(3) carriers should have limited liability if uniform 
operating procedures were followed; and (4) the 
NCS is responsible for day-to-day administration of 
the program. 

After the terrorist attacks of September 11, 2001, the 
NS/EP community had a renewed interest in fully 
implementing WPS and White House personnel 
directed the NCS to establish an active program. A 
WPS-like solution was made available in Salt Lake 
City in time for the 2002 Olympic Winter Games and 
the NCS launched an immediate solution in May 
2002 in the greater metropolitan areas of 
Washington, DC, and New York City. As a result of 
the NCS integration into the Department of 
Homeland Security (DHS), WPS is now offered 
through the DHS Information Analysis and 
Infrastructure Protection (lAlP) Directorate. WPS is 
offered in most major metropolitan markets on the 
Global System for Mobile Communications platform. 
The initial carrier for WPS is T-Mobile, which will 
reach full operating capability in 2004. In addition, 
the WPS program expanded to additional GSM 
carriers in 2004, including AT&T Wireless, Cingular, 
and Nextel. There are also plans to expand WPS to 
be offered on the Code Division Multiple Access 
platform in the future. 

Reports Issued 

Wireless/Low-Bit-Rate Digital Services Task Force Final Report: 
Towards National Security and Emergency Preparedness 
Wireless/Low-Bit-Rate Digital Services, September 1991. 

Wireless Services Task Force Report, January 1994. 

Emerging Wireless Services Report, September 1995. 
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Cellular Priority Access Services Subgroup Report, 
September 1995. 

Wireless Task Force Report: Wireless Priority Service, 
August 2002. 
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Charter of the President’s National Security 
Telecommunications Advisory Committee 


I. Official Designation 

Under Executive Order 12382, dated 
September 13, 1982, and Executive Order 
13316, dated September 30, 2003, this 
Committee is officially designated the President’s 
National Security Telecommunications Advisory 
Committee (“the Committee”). 

II. Membership and Organization 

A. Membership and organization will be in 
accordance with Executive Order 12382, dated 
September 13, 1982. 

B. There will be an Executive Secretary who will 
be the Manager, National Communications System, 
under section 10(e) of the Eederal Advisory 
Committee Act as amended (5 U.S.C. App. II). 

C. The Committee will provide such guidance 
and direction as is necessary and appropriate 
to ensure the effective functioning of any 
subcommittee so established. Except where a 
special rule applicable to such subcommittees 
appears in an amendment to this Charter, the 
provisions of this Charter shall apply (with 
necessary changes appropriate to 
subcommittees) to the subcommittees. 

D. The Chairman of the Federal Communications 
Commission will be Invited to participate in the 
activities of the Committee and its subcommittees. 
Agencies and officials of the Executive Branch may 
also be invited to participate. 

III. Objective, Scope of Activity, and Duties 

A. The Committee will function in accordance 
with Section 2 of Executive Crder 12382, dated 
September 13, 1982. The Committee will provide 
information and advice to the President on all 


telecommunications aspects affecting national 
security and emergency preparedness. Key policy 
statements include, but are not limited to, Executive 
Crder 12472, Assignment of National Security and 
Emergency Preparedness Telecommunications 
Functions and National Security Decision Directive 
Number 97 (NSDD-97), “National Security 
Telecommunications Policy.” 

B. The committee’s officers will have the 
following responsibilities: 

1. The Chair will convene, preside at, and 
adjourn all meetings at his discretion, with the 
advance approval of the Executive Secretary. 
However, the Chair will also be obliged to 
adjourn any meeting the Executive Secretary 
advises him to adjourn when the Executive 
Secretary determines an adjournment to be in 
the public interest. 

2. The Vice Chair will act as Chair in the 
absence of the Chair. 

3. The Executive Secretary, who will be the 
Manager, National Communications System, 
will attend all meetings and will advise the 
Chair to adjourn, or will adjourn, any 
meeting when the Executive Secretary 
determines it is in the public interest. The 
Executive Secretary will invite agencies and 
officials from fhe Executive Branch to attend 
the meetings, as he deems appropriate. The 
Executive Secretary will prepare the minutes 
of each meeting, the accuracy of which the 
Chair will certify and fhat will at a minimum 
contain: a record of the membership present 
and the members of fhe public who 
participate in the meeting including the 
interests and affiliations they represent; a 
description of matfers and materials 
discussed and the conclusions, If any, 
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reached; and the rationale for any 
recommendations made by members of the 
Committee. The Executive Secretary will also 
maintain copies of all reports which the 
Committee receives, issues, or approves. 

C. The Committee may consult with interested 
parties, agencies, interagency committees, or 
groups of the United States Government and 
with private groups and individuals as the 
Committee decides is necessary or desirable. 

D. The NSTAC will address all matters pertaining 
to National Security/Emergency Preparedness 
(NS/EP) Communications (Cyber and 
Telecommunications). The NSTAC will coordinate 
NS/EP communications interdependency issues 
with the National Infrastructure Advisory Council. 

IV. Official to Whom the Committee Reports 

A. The Committee will report in writing to the 
President of the United States through the 
Secretary of Homeland Security, in his capacity as 
Executive Agent for the National Communications 
System by Executive Order 13286, dated 
February 28, 2003. 

B. The Committee, and any subcommittees 
established by the Committee, will work with the 
Office of the Manager, National Communications 
System, and appropriate representatives from 
National Communications System member 
organizations. 

C. Any subcommittee established by the 
Committee will report to the Committee. 

V. Estimated Costs and Staff Support 

A. Members of the Committee will serve on it 
without any compensation for their work and in 
accordance with Section 3 of Executive Order 
12382, dated September 13, 1982. 


B. The estimated annual cost of operating the 
Committee and its subcommittees is $2.6 
million, including travel expenses, per diem, 
contractor support, and staff support. 

C. The Department of Homeland Security, in its 
capacity as Executive Agent for the National 
Communications System, will supply staff and 
support functions for the Committee. The 
estimated annual personnel staffing of such 
functions is 7.5 staff years, excluding contract 
support. 

VI. Meetings and Termination 

A. The Committee will meet approximately 
every 12 months in person and otherwise at the 
call of the Chair. Subcommittees will meet as 
necessary for their assigned responsibilities. 

B. Under Executive Order 13385, 
dated September 29, 2005, effective 
September 30, 2005, the Committee will 
terminate on September 30, 2007, unless 
formally determined to be in the public interest 
to continue it for an additional period. A 
continuing need for the advice offered by this 
Committee is anticipated. 

VII. Filing Date 

December 14, 2005. 
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Bylaws of the President’s National Security 
Telecommunications Advisory Committee 


Adopted: 

July 20,1983 

Amended: 

June 8,1989 

Amended: 

January 12,1995 

Amended: 

April 18, 2000 

Amended: 

April 7,2003 


Article 1 

Organization and Operation 

Section 1 

The National Security and 


Telecommunications Advisory Committee (NSTAC) 
shall be organized and operate in accordance with 
the Federal Advisory Committee Act, as amended (5 
U.S.C. App. 2), Executive Order 12382, 13 
September 1982, the Charter of the NSTAC, and 
these Bylaws. 

Section 2 The provisions of the Federal Advisory 
Committee Act, as amended (5 U.S.C. App. 2), 
Executive Order No. 12382, 13 September 1982, 
and the Charter of the NSTAC shall govern in the 
event of any conflict between the provisions thereof 
and these Bylaws. 

Section 3 The NSTAC shall be supported by an 
Industry Executive Subcommittee (lES). The lES is 
authorized to form subordinate Groups, titled Working 
Groups, Task Forces, or other appropriate title, 
necessary to carry out the direction provided by the 
NSTAC and to develop recommendations for the 
NSTAC in accord with the NSTAC Charter and the lES's 
mission. The purpose of the lES is to advise the NSTAC 
on matters concerning procedures, plans, and policies 
for the telecommunications and information systems 
that support national security and emergency 
preparedness. The lES shall meet approximately one 
month before and one month after an NSTAC Meeting. 
At additional Working Sessions of the Subcommittee of 
the whole, the lES shall carry out its role as the 
NSTAC’S principal working body. The lES performs the 
following functions: identifies, plans, and defines 
NSTAC issues; strengthens industry and Government 


coordination; examines legislative and regulatory 
issues; oversees network security activities; provides 
feedback on the status of NSTAC recommendations; 
and directs and oversees the work of subordinate 
Groups. The lES shall report to the NSTAC and the 
subordinate Groups shall report to the lES. 

Article II Membership 

Section 1 The members of the NSTAC shall be 

appointed by the President in accordance with the 
provisions of Section 1(a) of Executive Order No. 
12382, dated 13 September 1982. 

Section 2 Each member of the NSTAC shall 

have the authority to appoint one member of the lES. 
The same individual may represent an industry entity 
on the lES and on one or more subordinate Groups. 
Except as provided in Article II, Section 5, the 
membership of the subordinate Groups shall consist 
of lES members elected by the lES for a term of two 
NSTAC cycles. 

Section 3 Only NSTAC entities may be 
represented on the lES or subordinate Groups. 

Section 4 Members of the NSTAC may not 
designate alternates. Members of the lES or any 
subordinate Group may designate an alternate. Such 
designation must be in writing with a copy provided to 
the Office of the Manager, National Communications 
System (OMNCS). An alternate shall have the 
privileges of a member. 

Section 5 Consistent with any applicable security 
clearance requirements, any member of the lES or his 
or her duly designated alternate may be accompanied 
at any meeting by advisors. Any member or alternate 
may authorize an adviser to speak on behalf of the 
member or alternate. 
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Article III Chair and Voting 

Section 1 The Chair and Vice Chair of the NSTAC 
shall be appointed by the President in accordance 
with the provisions of Section 1(b) of the Executive 
Order No. 12382, dated 13 September 1982. 

Section 2 The Chair of the lES shall be the 
Deputy Manager of the National Communications 
System and not number in the count for a quorum 
nor vote on issues before the lES. At an lES Working 
Session, the lES member from the NSTAC Chair’s 
company shall chair the Working Session. The Chairs 
of subordinate Groups formed by the lES will be 
appointed by the lES Working Session Chair. 

Section 3 A quorum of the Committee, the lES 
or subordinate Group is required to vote on issues 
being addressed. Except as set forth in Section 5, a 
quorum is constituted by the presence of more than 
half of the membership of the Committee, lES or 
subordinate Group. 

Section 4 Only members of the NSTAC, the lES, 
or subordinate Group may vote. All issues will be 
decided, and recommendations or decisions made, 
by a majority vote of those members present at any 
NSTAC, lES, or subordinate Group meeting. 

Section 5 Absent a request for a recorded and/ 
or secret ballot vote, all votes shall be by either a 
show of hands or by voice vote. Any member may 
request a recorded and/or secret ballot vote at any 
time. With or without a quorum at a meeting, the 
Chair of the lES or subordinate Group may conduct a 
recorded vote by mail at any time absent objections 
of any member. In the case of a mall vote, a quorum 
is constituted by receipt of votes from more than half 
of the membership. A non-response from an lES or 
subordinate Group member will be considered a vote 
in the affirmative. 


Article IV Minutes and Reports 

Section 1 Committee records will be maintained 
as set forth In the Eederal Advisory Committee Act, 5 
U.S.C. App.2. 

Section 2 A written summary will be prepared 
for each lES meeting and meeting of the lES Working 
Session. Summaries of the meetings will be prepared 
by the OMNCS and forwarded to members of the 
meeting body and other participating entities to 
review for accuracy and completeness. 

Section 3 A consolidated annual report of 
results of all NSTAC activities shall be prepared and 
distributed to all members, and to any Eederal 
Government entity upon request. Other reports shall 
be prepared as directed by the NSTAC. 

Section 4 All reports except minority reports 

shall be prepared by the OMNCS and forwarded to 
the members for review and comment at least 15 
days prior to final distribution. 

Section 5 Minority reports may be prepared by 
any industry member(s) and forwarded to the 
OMNCS. The OMNCS will attach the minority report 
to the majority report. 

Article V Issue Development 

Section 1 Issues for consideration by the NSTAC 
may be suggested by any Government or industry 
entity, or any other person. The OMNCS will prepare 
suggested issues into issue papers for consideration 
by the lES. 

Section 2 The lES will review all issue papers and 
recommend to the NSTAC their approval or 
disapproval for further consideration, or recommend 
such other action as is deemed necessary. For issues 
sent to a subordinate Group for study, analysis and/or 
the development of recommendations or options, the 
lES will provide guidance and direction as necessary. 
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Section 3 Studies, analyses, recommendations, 

or options deveioped by any subordinate Group shail 
be submitted to the lES, by report or briefing, for 
consideration prior to presentation or submission to 
the NSTAC. 

Article VI Amendment of the Bylaws 

Section 1 Amendment of the Bylaws may be 
proposed by any member of the NSTAC at any time. 
Such amendments may be adopted or dismissed 
only by majority vote of the NSTAC. 

Section 2 An amendment to the Bylaws shall 
become effective immediately following its adoption. 
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Executive Order 12382—President’s National Security 
Telecommunications Advisory Committee 


(Amended by Executive Order 12454 as of 
December 29, 1983, and Executive Order 13286 as 
of Eebruary 28, 2003) 

By the authority vested in me as President by the 
Constitution of the United States of America, and in 
order to establish, in accordance with the provisions 
of the Eederal Advisory Committee Act, as amended 
(5 U.S.C. App. I), an advisory committee on National 
Security Telecommunications, it is hereby ordered 
as follows: 

Section 1. Establishment. 

(a) There is established the President’s National 
Security Telecommunications Advisory Committee 
which shall be composed of no more than 30 
members. These members shall have particular 
knowledge and expertise in the field of 
telecommunications and represent elements of the 
Nation’s telecommunications industry. Members of 
the Committee shall be appointed by the President. 

(b) The President shall annually designate a 
Chairman and a Vice Chairman from among the 
members of the Committee. 

(c) To assist the Committee in carrying out its 
functions, the Committee may establish appropriate 
subcommittees or working groups composed, in 
whole or in part, of individuals who are not members 
of the Committee. 

Section 2. Functions. 

(a) The Committee shall provide to the President 
through the Secretary of Plomeland Security, among 
other things, information and advice from the 
perspective of the telecommunications industry with 
respect to the implementation of Presidential 
Directive 53 (PD/NSC-53), National Security 
Telecommunications Policy. 


(b) The Committee shall provide information 
and advice to the President through the Secretary 
of Homeland Security regarding the feasibility of 
implementing specific measures to improve the 
telecommunications aspects of our nafional 
security posture. 

(c) The Committee shall provide technical information 
and advice in the identification and solution of 
problems which the Committee considers will affect 
national security telecommunications capability. 

(d) In the performance of ifs advisory duties, the 
Committee shall conduct reviews and assessments of 
the effectiveness of the implementation of Presidential 
Directive/National Security Council 53 (PD/NSC-53), 
National Security Telecommunications Policy. 

(e) The Committee shall periodically report on 
matters in this Section to the President and to the 
Secretary of Homeland Security in his capacity as 
Executive Agent for the National Communications 
System. 

Section 3. Administration. 

(a) The heads of Execufive agencies shall, to the 
extent permitted by law, provide the Committee such 
Information with respect to national security 
telecommunications matters as it may require for the 
purpose of carrying out its functions. Information 
supplied to the Committee shall not, to the extent 
permitted by law, be available for public inspection. 

(b) Members of the Committee shall serve without 
any compensation for their work on the Committee. 
However, to the extent permitted by law, they shall 
be entitled to travel expenses, Including per diem in 
lieu of subsistence. 
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(c) Any expenses of the Committee shall, to the 
extent permitted by law, be paid from funds available 
to the Secretary of Homeland Security. 

Section 4. General. 

(a) Notwithstanding any other Executive Order, the 
functions of the President under the Federal 
Advisory Committee Act, as amended (5 U.S.C.App. 
I), except that of reporting annually to the Congress, 
which are applicable to the Committee, shall be 
performed by the Secretary of Homeland Security, in 
accord with guidelines and procedures established 
by the Administrator of General Services. 

(b) In accordance with the Federal Advisory 
Committee Act, as amended, the Committee shall 
terminate on December 31, 1982, unless sooner 
extended. 
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Antitrust Division 

Office of the Assistant Attorney General Washington, D.C. 20530 


June 1,1983 


Lt. Gen. William J. Hilsman 

Manger, National Communications System 

Washington, D.C. 20305 

Dear General Hilsman: 

In response to your May 2, 1983, letter to Ronald G. Carr, the Antitrust Division has reviewed the April 18, 
1983, draft report of the NSTAC Emergency Response Procedures Working Group on the establishment of a 
National Coordinating Mechanism. In particular, the Division focused on the proposed functions of the National 
Coordinating Mechanism (NCM) as set out in Section 6, “Conclusions,” of the draft report and Annex B. 

The views expressed in this letter are preliminary and respond to your suggestion that we provide general 
guidance to the Funding and Regulatory Working Group prior its June 2, 1983 meeting. 

In summary, we believe the functions of a National Coordinating Mechanism, If carried out along the lines 
suggested in Chapter 6 and Annex B, pose no significant competitive problems that would rise to the level of a 
possible Antitrust violation if such activities were carried out in a manner designed to minimize any 
anticompetitive potential and if the appropriate government agencies retain the responsibility for necessary 
procurement and regulatory decisionmaking. 

As we understand it, the NCM would have four organizational components. Overall policy would be set by a 
General Forum, “an Industry-wide organization with widespread membership” which would meet semi-annually to 
provide the opportunity for members of the communications industry to discuss National Security-Emergency 
Preparedness (NS/EP) needs. Subordinate to the General Forum would be two standing committees: (1) the 
Technical Planning Committee, which would focus on matters involving technical interoperability, (2) the Operations 
Planning and Policies Committee, which would focus on those involving operating methods and procedures relating 
to NS/EP. A National Coordinating Center (NCC) would be responsible for day to day planning activities and for 
responding to NS/EP requirements as they occur. The NCC would consist of an operations center located at a 
government facility and be staffed with representatives of the National Communications System, and “selected 
representatives of the industry.” Carriers not physically present would remain in electronic contact with the NCC. 
Lastly, a Secretariat would be responsible for administrative coordination and support. 

According to Appendix B, the NCM would appear to have four types of functions. The first, would be to 
provide a coordination point for dealing with communications emergencies, including service disruptions. 

This activity includes development of the “watch center” operations of the NCC, technical analysis/damage 
assessments of service disruptions, and coordination or direction of prompt restoration of telecommunication 
services. (Items 1, 2, 4, 7.) The second basic function would be to coordinate and assist in the provision of 
time sensitive NS/EP service requests. (Items 8, 11.) The third category is a broader planning function in 
which the NCM would assist In the development of technical standards and network planning to meet NS/EP 
needs and to assist the overall development of each carrier’s network so as to insure that NS/EP needs are 
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taken into consideration. (Items 3, 9, 10.) Finally, the NCM would provide a mechanism to supply the 
government and, potentially, other carriers with critical information about resources available to meet NS/EP 
needs or emergency requirements. (Items 5, 6.) 

The following discussion of these functions, including the issue of fhe appropriafe scope indusfry 
membership in fhe NCM and ifs component activities, is based on the descriptions set out in the draft report. 

From the description, it would appear that the NCM, although sponsored and supported by the government, 
would largely function as a joint activity among potentially competing members of the telecommunications 
industry. The antitrust laws do not prohibit collective activity between competing members of an industry simply 
because they are competitors. Instead, the question asked by the antitrust laws is whether or not the collective 
activity at issue has the probable effect of lessening compefifion in fhe markets at issue. In the case of the NCM, 
the proposed essential elements recommended by the Working Group do not appear to do so. Rather, they would 
enable the Industry to provide collectively that which each member of the industry could not provide Individually, 
i.e., a nationwide, interoperable system of independent carrier networks in which the resources of all are available 
to meet this Nation’s NS/EP needs. Consequently, the key focus of any anfifrust and competitive analysis is on the 
methods and procedures by which the essential objectives are implemented. 

1. Membership. Under the Sherman Act, if joint facilities established by competing firms become essenfial 
to participating effectively in markets served by venture’s participants, participation in the activity on 
reasonable terms by all competing enterprises may be mandated. To the extent that participation in the NCM 
would confer a competitive advantage therefore, exclusion by industry members of competing firms might be 
of concern. As we understand the proposal, however, the scope of the NCM and its components would be 
established by the Government to meet public NS/EP needs, not private interests. In such a circumstance, the 
decision to limit membership in a particular activity should be made by responsible government agencies, 
rather than by Industry participants, themselves, limiting possible antitrust concerns. In turn, the criteria 
utilized by the sponsoring government agencies should be designed to promote as broad as possible 
participation in the group, with membership in any activity restricted only to the minimum extent necessary to 
achieve the objectives of such an acfivity, e.g., limiting physical presence at an NCC to numbers that prevent 
the NCC from becoming an operationally unmanageable undertaking. In this regard, we note that the 
government, as “the purchaser” of NS/EP services should have every incentive to maximize industry 
participation, and limit participation, if at all, only to ensure that the benefits of the NCM are maximized. 

2. Coordination of Service Disruptions and Similar Emergencies. As we understand it, the goal of this function is to 
ensure that existing communications requirements can be maintained in the face of disrupfion of fhe network of 
one or more carriers as a result of, e.g., equipment failure, nafural disasters, sabotage or war. The goal of fhe 
NCM in this activity would not be to process service orders to meet added requirements, but to assure that 
services already ordered by government agencies and the private sector can be provided in the face of adversify. 
On fhe facfs as set out above, there would appear to be few, if any, competifive or antifrust issues at stake in this 
type of activity, to the extent the actual restoration and back-up processes do not have the effect of 
disadvanfaging any parficular carrier. Consequently, the procedures involved should minimize any possibility 
that the services of any carrier will be unreasonably excluded from fhe backup and restoration process. 

3. Coordination of Additional NS/EP Requirements. Under this function, the NCM would assist the government 
in obtaining a quick, coordinated industry response to time-sensitive NS/EP requirements, such as the 
provision of additional circuits and equipment to areas hit by a disaster, or for Presidential travel or military 
mobilization requirements. As we understand it, this activity is different from thaf jusf described because it 
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would result in new government orders for additional services or equipment. Here, the competitive and 
antitrust risks are greater in that, if appropriate safeguards are not adopted, the NCM could theoretically serve 
as a mechanism for allocating government orders among competing firms to the detriment of fhe government’s 
interest. Such an allocation could result, if, for example, firms represented at the NCC decided among 
themselves who would bid for a particular circuit order when several of them could do so, or if failure to have a 
representative at the NCC would mean that a particular firm, as a result of procedures agreed on by the 
carriers present at the NCC, would not have the opportunity to bid on the circuit request. 

These theoretically possible competitive problems could be minimized to the extent that the relevant 
government agencies make the procurement decisions and establish the appropriate bidding processes for 
emergency telecommunications, with the NCM merely supporting those processes and providing a mechanism 
coordinating an end-to-end response once the government's procurement decisions were made. What should be 
avoided, therefore, is the adoption by participating carriers, themselves, of practices that would undercut the 
ability of government procurement officers to obtain such benefits of competition as procurement regulations 
envisioned in the circumstances at issue. So long as the NCM merely facilitates actions desired by government 
agencies in their capacity as a purchaser of communications services, antitrust concerns would be minimized. 

4. Industry Standard-Setting and Planning. Standard setting to promote interoperability is widespread across a 
broad spectrum of American commercial activity, including the communications industry. Under the antitrust 
laws, such standard-setting processes pose few problems if access to the standard setting bodies are available 
to competing industry members whose products and services are affected by the standard-setting process and 
to the extent that reasonable procedures are utilized to assure that the competing firms will have the 
opportunity to present their views before such standards are collectively adopted. 

Nevertheless, both competitive and antitrust issues may be raised to the extent that such standard setting 
becomes a vehicle to place the products or services of a firm at a competitive disadvantage. Where such actions 
are taken, it can be alleged that the participants in the standard setting process undertook collective action to 
eliminate a competitor from the market. Such actions should not give rise to antitrust liability to the extent that the 
actions in question represented reasoned and reasonable choices and were not undertaken for an exclusionary 
purpose. In some cases, however, the adoption of standards by collective industry action, e.g., for interoperability 
or interconnection, may result in a choice that will confer relafively greater competitive benefits on one firm or 
technology. Consequently, competitive risks would be minimized to the extent that the standards adopted 
responded to specific NS/EP objectives in a manner that maximized carrier flexibility to meet those standards. 

5. Information Sharing. Finally, the proposed NCM envisions that a limited amount of carrier information 
concerning available NS/EP resources will be provided to the NCC. It is also envisioned that a mechanism will 
be adopted by which individual carrier actions, such as the introduction of new services or the planning of 
facility routes, may be scrutinized so that the NS/EP consequences of fhese carrier activities can be reviewed 
to enhance NS/EP benefits. The fundamental competitive and antitrust concerns regarding such information 
plans are to ensure that proprietary carrier information is not involuntarily disclosed to competitors, and that 
voluntary sharing arrangements do not have the effect of reducing competition among carriers in the 
introduction of new services and the construction of new facilities. Thus, procedures should be adopted to 
foreclose potentially anticompetitive information disclosures. 

For example, it would appear preferable for each carrier to maintain its own inventory of spare circuits, etc., 
rather than to create a centralized data base of such information, unless access to such a data base was strictly 
controlled and limited to the carrier concerned or to government employees. Of course, these concerns are 
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minimized with respect to information that relates not to the overall commercial capabilities of each carrier, but to 
purely emergency resources, e.g., mobile facilities or the status of equipment dedicated to NS/EP requirements. 

In this regard, the operating environment of the NCC should be designed to minimize opportunities for informal 
and unauthorized access by employees of one carrier to the proprietary information of other carriers. 

In the same fashion, the opportunities for disclosure of proprietary information to competing carriers in the 
process of planning new facilities should also be minimized. For example, it would appear prudent for carriers to 
obtain information from government employees as to appropriate routings for facilities and to base their actions 
independently upon such recommendations, rather than for competing carriers to agree on facility routings, 
particularly where the effect would be to require advance disclosure of construction plans to competitors. 

In sum, we believe that the proposals outlined in the draft Working Group report can form an appropriate 
basis for a National Coordinating Mechanism that will meet government NS/EP requirements while minimizing 
competitive antitrust risks. The Antitrust Division will continue to work closely with your staff, the NSTAC, and 
other federal agencies to assure that the NCM is implemented in a manner consistent with both our agencies’ 
legal and policy concerns. 


Sincerely, 



William F. Baxter 
Assistant Attorney General 
Antitrust Division 
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The President’s National Security Telecommunications 
Advisory Committee Membership (as of July 22 , 2008) 


Mr. Edward A. Mueller, NSTAC Chair 

Chairman and Chief Executive Officer 
Qwest Communications International, Inc. 

Mr. John T. Stankey, NSTAC Vice Chair 

Group President Telecom Operations 
AT&T, Inc. 

Mr. James F. Alhaugh 

President and Chief Executive Officer, 
Boeing Integrated Defense Systems 
The Boeing Company 

Mr. Gregory Q. Brown 

President and Co-Chief Executive Officer 
Motorola, Inc. 

Mr. Daniel J. Carroll, Jr. 

Member, Board of Directors 
Telcordia Technologies, Inc. 

Mr. Ken Dahiherg 

Chairman and Chief Executive Officer 
Science Applications International 
Corporation 

Mr. Arthur E. Johnson 

Senior Vice President 
Corporate Strategic Development 
Lockheed Martin Corp. 

Mr. Clayton M. Jones 

Chairman, President, and 
Chief Executive Officer 
Rockwell Collins, Inc. 

Mr. Scott G. Kriens 

Chairman, President, and 
Chief Executive Officer 
Juniper Networks, Inc. 


Mr. Howard L. Lance 

Chairman, President, and 
Chief Executive Officer 
Harris Corporation 

Mr. Michael W. Laphen 

Chairman, President, and 
Chief Executive Officer 
Computer Sciences Corporation 

Mr. Thomas Lynch 

Chief Executive Officer 
Tyco Electronics Ltd. 

Mr. Craig 0. McCaw 

Chairman 
Teledesic Corp. 

Mr. Walter B. McCormick, Jr. 

President and Chief Executive Officer 
United States Telecom Association 

Mr. Kyle E. McSIarrow 

President and Chief Executive Officer 
National Cable and Telecommunications 
Association 

Mr. Craig J. Mundie 

Chief Research and Strategy Officer 
Microsoft Corp. 

Mr. Donald J. Dhert 

Group Executive 
Network Computing Group 
Bank of America Corp. 

Mr. William A. Roper, Jr. 

President and Chief Executive Officer 
VeriSign, Inc. 


Mr. Ivan G. Seidenherg 

Chairman and Chief Executive Officer 
Verizon Communications, Inc. 

Mr. William H. Swanson 

Chairman and Chief Executive Officer 
Raytheon Company 

Mr. Joseph R. Wright, Jr. 

Satellite Expert 
Intelsat, Ltd. 

Mr. Mike S. Zafirovski 

President and Chief Executive Officer 
Nortel Networks Corp. 
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Executive Report on the 2008 Meeting 

of the President’s National Security Telecommunications Advisory 

Committee - May 1,2008 


The President’s National Security Telecommunications 
Advisory Committee (NSTAC) met on May 1, 2008, at 
the U.S. Chamber of Commerce in Washington, D.C. 
The meeting focused on issues surrounding national 
security and emergency preparedness (NS/EP) 
communications in this time of an increasingly global 
communications environment and increased threats 
to network security. The NSTAC Principals met with 
Secretary Michael Chertoff, Department of Homeland 
Security (DHS); Mr. Robert Jamison, Undersecretary 
for National Protection and Programs, DHS; 

Mr. Kevin Martin, Chairman, Federal Communications 
Commission (FCC); and Ambassador David Gross, 
United States Coordinator for International 
Communications and Information Policy, Department 
of State (DOS); and other senior Government officials 
and reviewed NSTAC activities over the past cycle 
during the Open Session. During the Closed Session, 
the NSTAC Principals engaged in discussion with 
Mr. Kenneth Wainstein, Assistant to the President 
for Homeland Security and Counterterrorism; 

Mr. John Grimes, Assistant Secretary for Network and 
Information Integration and Chief Information Officer, 
Department of Defense (DOD); and a number of 
senior Administration officials. This Executive Report 
summarizes those presentations and deliberations. Also 
attached are the recommendations to the President 
from 2007-2008 NSTAC cycle (Attachment 1) and an 
attendance list of NSTAC Principals (Attachment 2). 

2008 NSTAC Open Session 

Call to Order/Opening Remarks. 

Mr. Edward Mueller, Qwest Communications 
International, Inc. and the NSTAC Chair, called to 
order the 2008 NSTAC Meeting Open Session on 
May 1, 2008, at 2:30 p.m. at the U.S. Chamber 
of Commerce in Washington, D.C. Mr. Mueller 
welcomed members of the NSTAC, particularly 
the newly appointed Principals, including 
Mr. John Stankey, AT&T, Inc. and NSTAC Vice Chair; 


Mr. Michael Laphen, Computer Sciences Corporation; 
and Mr. William Roper, VeriSign, Inc. Mr. Mueller 
announced that he considers his appointment as 
Chair of the NSTAC a great honor and looks 
forward to the opportunity to work with the other 
Principals to provide NS/EP advice to the President. 
He recognized that the NSTAC has produced a 
remarkable body of work In its 26 year history and 
stated that the Committee has examined several 
significant issues over the last cycle alone, including 
network security, international communications, 
commercial communications reliance on the global 
positioning system (GPS), and global infrastructure 
resiliency, among others. 

Mr. Mueller noted that the NSTAC last met via 
conference call in February 2008 during which time the 
Principals reviewed and approved the NSTAC Report on 
Commercial Communications Reliance on the Global Positioning 
System and the NSTAC Report on Network Operations Centers 
and heard a preliminary update on the work of the 
Network Security Scoping Group (NSSG). He informed 
members that the Open Session will serve as an 
opportunity to hear remarks from some of the 
stakeholders. Mr. Mueller then recognized and 
welcomed the senior Government officials participating 
in the Open Session: 

► Secretary Chertoff, Department of Homeland 
Security (DHS); 

► Mr. Jamison, Under Secretary for National 
Protection and Programs, DHS; 

► Mr. Martin, Chairman, Federal Communications 
Commission (FCC); and 

► Ambassador David Gross, United States 
Coordinator for International Communications and 
Information Policy, Department of State (DOS). 
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Remarks: Secretary Michael Chertoff. 

Secretary Chertoff thanked the members for their 
hard work during and prior to his time with DHS, 
noting that the NSTAC is among the oldest and 
strongest exampies of a valuabie and effective 
Government-industry partnership. Secretary Chertoff 
further commended the Committee for its work over 
the past year, including the NSTAC’s reports regarding 
international communications, commercial 
communications reliance on the global positioning 
system, and network operations centers. In response 
to the NSTAC Report on International Communications, the 
National Communications System’s (NCS) Committee 
of Principals (COP) formed the International 
Communications Working Group (ICWG) to address 
the recommendations. Secretary Chertoff informed the 
members that Mr. Jamison will provide additional 
details regarding NCS activities to address other recent 
NSTAC recommendations. 

Secretary Chertoff fhen provided an overview of DHS 
cybersecurity activities in response to National 
Security Presidential Directive 54/ Homeland Security 
Presidential Directive 23, which was approved by the 
President on January 8, 2008. The directive 
represents an aggressive, high-priority effort to 
further protect Federal Government systems and 
reduce vulnerabilities, protect against intrusions, and 
better anticipate threats. Secretary Chertoff stressed 
that private sector participation is critical to the 
success of any cybersecurity activity as the majority 
of cyber assets are privately owned. To that end, the 
Department has increased staffing for the U.S. 
Computer Emergency Readiness Team (US-CERT), 
which continues to work to communicate warnings to 
both the private and public sectors. In addition, DHS 
is working to expand the EINSTEIN Program to all 
Federal departments and agencies. Moving forward, 
the Federal Government will need to continue to 
facilitate coordination and information sharing with 
the private sector so that industry can best protect its 
assets. Secretary Chertoff fhen encouraged the 
members to assist with recruiting efforts to ensure 
that the Department can attract the most talented 
cybersecurity experts and noted that there will be 


future opportunities for industry to share their 
expertise with Government through participation in 
work rotation programs. 

Secretary Chertoff further encouraged the members 
to continue to monitor and address, as necessary, 
emergency preparedness issues. He informed the 
Principals that the National Response Framework 
(NRF) became effective on March 22, 2008. The 
NRF serves as a guide to how the Nation reacts in 
the event of a disaster or emergency, no matter its 
size. It identifies the key response principles, roles, 
and structures that organize national response. He 
encouraged the members to review and provide 
feedback to the Department regarding the NRF. 

In response to a Principal’s inquiry regarding the 
ability of first responders to communicate with each 
other. Secretary Chertoff noted that both the Federal 
Emergency Management Agency (EEMA) and the 
National Guard are prepared to deploy mobile 
communications assets, when necessary. In addition, 
the Federal Government currently has access to 
technology that enables bridging and interfacing 
between technologies and the Department has 
started training efforts regarding the use of these 
technologies. Secretary Chertoff further noted that 
the Department is working to address governance 
challenges to train communities to communicate 
using a common language. A second member further 
inquired regarding Government capabilities to 
communicate emergency information to the public. In 
response, Secretary Chertoff stated that the FEMA 
Integrated Public Alert and Warning System has been 
activated in the Gulf Coasf region and enables 
emergency messaging to be broadcast to the public 
via numerous technologies, such as cell phones and 
text messaging. However, in order for this system to 
be deployed Nationwide, States will need to obtain 
the necessary software. Finally, the Secretary 
emphasized that the Department is working to 
institutionalize its emergency response activities so 
that the new Administration can easily understand 
the goals of the current initiatives. 
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Remarks: Mr. Robert Jamison. 

Mr. Jamison thanked the Committee for its work to 
deveiop reports and recommendations to the President 
and noted that the Department vaiues the criticai 
perspective that industry provides. He then welcomed 
the new NSTAC Chair and Vice Chair and informed the 
members that he is personally working to track progress 
against recent NSTAC recommendations. Since 2004, 
the NSTAC has submitted 69 recommendations to the 
President and out of these recommendations, 30 are 
currently being acted on by the NCS; 33 are currently 
being monitored by the NCS; and 6 are outside of the 
NCS scope. Mr. Jamison provided a highlight of the 
NCS activities and informed the members that in 
addition to the ICWG, the NCS COP has also formed 
the Communications Dependency on Electric Power 
Working Group (CDEP WG) to address the 
recommendations in the NSTAC Report on Telecommunications 
and Electric Power Interdependencies. The CDEP WG recently 
hosted a Long-Term Outage Workshop and hopes to 
complete its report in the Summer 2008. 

Mr. Jamison then announced that Mr. Jim Madon 
was recently named Director of the NCS. Mr. Madon 
joins the NCS with a combined history of both public 
and private sector experience and should be a great 
addition to the NCS. 

Remarks: Mr. David Dross. 

Ambassador Gross began by thanking the NSTAC 
members for inviting him to participate in the 2008 
NSTAC Meeting. He noted his appreciation for the 
NSTAC’s recent work focusing on international 
communications and stated that four years ago, 
when he first met with the NSTAC, international 
communications issues were not a primary focus for 
the Committee. He thanked the members for bringing 
international communications to the forefront of NSTAC's 
agenda through the work over the past cycle relating to 
international communications and international network 
operations centers. Ambassador Gross specifically 
referenced the NSTAC Report on International Communications 
as a key step to addressing the national security 
concerns associated with the United States’ current 
international collaboration strategies and policies. He 
stated that DOS fully supports the NSTAC’s work in this 
area and will continue to assist the Administration with 


the implementation of these recommendations. As an 
initial step, the Department has agreed to Chair the 
NCS’ COP ICWG. 

Ambassador Gross continued by outlining several of the 
Department’s international communications activities. 
The Department is collaborating with the Organization 
for Economic Co-operation and Development (OECD) 
and the Asla-Pacific Economic Cooperation (APEC) to 
advance common economic goals and promote global 
information and communications technology security. 
The OECD Is working on confronting e-mail spam and 
malware, while APEC is focused on combating 
cybersecurity and cyber crime. Ambassador Gross 
noted that APEC and OECD are now jointly addressing 
these areas and that the Department is helping to 
facilitate these efforts. Ambassador Gross noted that 
DOS has been similarly Involved in the International 
Telecommunication Union’s (ITU) efforts to provide 
recommendations on identity management issues and 
develop cybersecurity standards. He specifically 
mentioned how the Department has contributed to 
ITU Study Group Q.22, Report on Best Practices for a National 
Approach to CyberSecurity. 

Ambassador Gross then spoke about the Department’s 
efforts to achieve and preserve global Internet freedom. 
He described the importance of ensuring that countries, 
particularly developing nations, have access to Internet 
services and communications technologies. He was 
pleased to announce that since 2000, a significant 
portion of world’s new Internet users have been located 
in developing nations. Ambassador Gross continued, 
remarking that even events in small, remote countries 
have the ability to affect the United States. He explained 
how globalization has begun to forge a link between the 
U.S.’ domestic and national security interests. 

Ambassador Gross closed by recognizing Ms. Meredith 
Baker, Assistant Secretary for Communications and 
Information, National Telecommunications and 
Information Administration (NTIA), Department of 
Commerce, for her role coordinating with DOS on 
international communications matters. He also 
acknowledged that Ms. Baker recently announced that 
she will be resigning from her role with the NTIA. 
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Remarks: Mr. Kevin Martin. 

Chairman Martin thanked the NSTAC for the 
opportunity to speak and commended the 
NSTAC’s efforts to heip protect the Nation’s critical 
infrastructures. He acknowiedged the chailenge of 
maintaining reliabie emergency communications as 
the public and private sector continues to integrate 
next generation technologies into the communications 
infrastructure. Chairman Martin remarked that the 
FCC faces many challenges in maintaining secure 
and reliable emergency communications, including 
911 assurance, voice over Internet Protocol 
effectiveness, location accuracy of wireless service, 
wireless device public safety notifications, and 
fraudulent 911 calls. To address these challenges, 
Chairman Martin reported that the FCC strives to 
create a collaborative environment that enables 
critical infrastructure information sharing and 
emergency communications effectiveness. 

Chairman Martin remarked that based on requirements 
under the Warning, Alert and Response Network Act, 
encompassed within P.L. 109-347, the Security and 
Accountability for Every Port Act of 2006, the FCC is working 
to extend additional next generation networks 
emergency services and alert capabilities to mobile 
devices during a national emergency. 

Chairman Martin further remarked that the FCC is 
working to address public safety interoperability 
challenges. As part of this effort, the FCC is 
committed to creating a nationwide, interoperable 
broadband network in the 700 megahertz band 
for public safety personnel. He expressed 
disappointment that no bidder met the reserve price 
for the “D Block” of spectrum during the FCC’s 2008 
spectrum auction, which the FCC set aside to help 
establish the public safety network. Moving forward, 
the FCC is committed to exploring all options for this 
spectrum to help realize its goal. 

Chairman Martin stated that the FCC’s Public Safety 
and Homeland Security Bureau, launched in 2006, is 
also developing policies aimed at enhancing public 
safety communications, supporting emergency 
preparedness and response, and acting as a repository 
for homeland security and public safety information for 


public safety organizations. Chairman Martin noted 
that many of the Bureau’s primary concerns align with 
the NSTAC’s past and current work. Most notably, the 
Commission participated in both the NSTAC’s previous 
Emergency Communications and Interoperability Task 
Force and Telecommunications and Electric Power 
Interdependency Task Eorce. In addition, the FCC 
maintains a disaster reporting system to track recovery 
efforts and is working closely with carriers regarding 
reporting requirements. 

A member inquired regarding the FCC’s role in the 
new NRF. Chairman Martin responded that the FCC 
has worked on several joint communications and 
interoperability grant programs with DHS and also 
helped the Department develop a set of best 
practices and carrier standards. However, he added 
that there is a need for a next generation networks 
broadband ability to support full interoperability and, 
at this time, many local communities do not have the 
resources to address this. 

Ongoing NSTAC Work. 

Mr. Mueller turned the discussion to a review of 
the NSTAC’s ongoing work efforts. At the beginning 
of the cycle, there were seven active task forces: 

(1) the National Coordinating Center Task Force 
(NCCTF); (2) the Emergency Communications 
and Interoperability Task Eorce (ECITF); 

(3) the International Task Force (ITF); (4) the Global 
Infrastructure Resiliency Task Force; 

(5) the Legislative and Regulatory Task Force (LRTF); 

(6) the Research and Development Task Force 
(RDTF); and (7) the NSTAC Outreach Task Force 
(NOTF). During the course of the cycle, the NCCTF, 
the ECITF, and the ITF completed their work and 
sunset as outlined in the work plan. The NSTAC also 
established two new work efforts, the GPS Working 
Group (GPSWG) and the NSSG. The GPSWG was 
established to address commercial communications 
reliance on GPS and completed its work during the 
course of the cycle and sunset last month. The NSSG 
was established to scope network security issues for 
further examination by the NSTAC. Mr. Mueller 
thanked the NSTAC Principals who served as 
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champions for important NSTAC issues this cycle, as 
well as those who will be supporting key NSTAC 
issues throughout the coming year. 

Research and Development Task Force. 

Mr. Laphen reported that during the past NSTAC cycle, 
the RDTF focused much of its efforts on monitoring and 
analyzing identity management (IdM) issues to 
determine the impact on NS/EP communications. 

Mr. Laphen noted that the task force developed a 
matrix that inventoried all known IdM-related activities 
across the public and private sectors. The task force 
received briefings from subject matter experts from 
the NCS Technology and Programs Division’s on its 
IdM activities and from the ITU Telecommunications 
Standardization Sector (ITU-T) on Its IdM Focus 
Group’s gap analysis activities. Mr. Laphen added 
that the task force’s analysis determined that there is 
no current need for the NSTAC to undertake any 
additional IdM investigation. Mr. Laphen added, 
however, that the task force will continue to monitor 
and receive updates on regulatory and standards 
developments in the international community, 
including the work of groups like the ITU-T. 

Mr. Laphen announced that the task force has 
initiated planning for the NSTAC’s 2008 Research 
and Development Exchange (RDX) Workshop, which 
will be held at Motorola, Inc. at its facilities in 
Schaumburg, Illinois on September 25-26, 2008. 
Focus areas of the workshop will Include IdM, 
emergency communications response networks, 
converging and emerging technologies, and 
defending cyberspace. 

Mr. Laphen concluded by stating that throughout the 
upcoming cycle, the task force will focus on finalizing 
preparations for the 2008 RDX Workshop and will 
continue to research emerging technologies that may 
impact the NS/EP communications environment. 

NSTAC Outreach Task Force. 

Mr. Arthur Johnson, Lockheed Martin, provided the 
Principals with an update on the NOTE’S ongoing 
activities. Mr. Johnson explained that the task force 
fosters information exchanges between key NSTAC 
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stakeholders on telecommunicatlons-related NS/EP 
activities on the Principals’ behalf. Mr. Johnson 
reviewed the NOTE’S mission, which is to: 

► Increase the awareness of NSTAC capabilities 
and products among key stakeholders. Including 
Federal Government personnel, and Industry, 
academic, and research communities; 

► Solicit feedback and input on NSTAC products and 
outreach initiatives from these critical stakeholders; 

► Promote the adoption of NSTAC recommendations 
by these stakeholders; and 

► Develop NSTAC-related materials and sponsor 
venues to enhance the interaction of NSTAC 
Principals and the Industry Executive 
Subcommittee (lES) with key stakeholders. 

Ele stated that during the 2007-2008 NSTAC 
cycle, the task force arranged meetings with key 
Government stakeholders from the Executive Office 
of the President, DEIS, and DOD, among others, to 
discuss the recent NSTAC reports and 
recommendations. The task force also promoted the 
Government’s adoption of recommendations from the 
NSTAC Report on Commercial Communications Reliance on the 
Global Positioning System and the NSTAC Report on Network 
Operations Centers. 

Mr. Johnson remarked that the task force was 
responsible for planning the New Principals’ 

Orientation, which helped familiarize the new Principals 
with NSTAC processes and procedures. The task force 
continues to create updated outreach materials, such 
as the NSTAC Key Messages document, the NSTAC 
brochure, and the NSTAC background white paper for 
key stakeholders, guest speakers, and conference 
coordinators. Specifically, the NSTAC Key Messages 
document provides a brief history of the NSTAC and a 
description of its mission and several recent NSTAC 
efforts. The NSTAC brochure highlights the current 
focus of the NSTAC consolidated in a single document 
and will be available soon. 
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Mr. Johnson noted the task force will continue to work 
with its Government stakeholders to track the status of 
NSTAC recommendations and actively pursue outreach 
opportunities as they arise. He encouraged Government, 
industry, academic, and research communities to 
provide input to the task force. 

Adjournment. 

Mr. Mueller acknowledged the work the lES and 
Mr. Thomas Hughes, AT&T, Inc. and lES Working 
Session Vice Chair, who execute the NSTAC’s 
day-to-day business and work plan and enable the 
NSTAC to provide the best possible advice to the 
President. He thanked the Principals and the 
Government stakeholders for fheir participation and 
adjourned the NSTAC Open Session at 3:35 p.m. 
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Attachment 1: Report Recommendations to the President from the 
2008 Meeting of the President’s National Security Telecommunications 
Advisory Committee - May 1,2008 


The President’s National Security Telecommunications 
Advisory Committee (NSTAC) performed an 
examination of the current international national security 
and emergency preparedness (NS/EP) communications 
environment to— 

► Evaluate the present U.S. operational strategies, 
policies, and frameworks for international 
collaboration; and 

► Prepare recommendations to the President to 
promote U.S. NS/EP interests in emerging 
international network security efforts. 

Recognizing NS/EP communications’ evolving 
dependence on and interdependence with global 
infrastructures and to enhance the resiliency of the 
global communications infrastructure, the NSTAC 
recommends that the President, in accordance 
with responsibilities and existing mechanisms 
established by Executive Order 12472, 

Assignment of National Security and Emergency Preparedness 
Telecommunications Functions, direct the following: 

► Task OHS to coordinate international planning and 
development with the appropriate Eederal Agencies 
for adoption of a global framework incorporating 
operational protocols and response strategies. The 
framework must accomplish the following: 

• Address physical and cyber events that would 
disrupt the availability of critical global 
Infrastructure services. 

• Ensure private sector participation in 
developing the framework to leverage extensive 
expertise and existing relationships. 


• Support the use of identity management 
solutions that address NS/EP requirements 
for normal operations and all-hazards 
crisis response. 

• Examine, with the help of private sector 
partners, existing U.S. laws and policies that 
could prevent service providers and other 
stakeholders from taking the necessary 
proactive measures to restore service and 
prevent harm to NS/EP users for government 
essential operations during a crisis. 

► In the interim, task Federal Agencies to expand 
relationships and response coordination using formal and 
reciprocal agreements with Allied governments to 
include participation from selected international 
service providers and other stakeholders into 
existing joint U.S. Government and private-sector 
response and coordination processes and entities, 
such as the U.S. Computer Emergency Readiness 
Team and the National Coordinating Center. 

Following a request from the Department of Defense 
(DOD), the NSTAC reviewed current operations 
associated with network operations centers (NOCs), 
examined risks associated with such operations, and 
outlined the actions that service providers have taken to 
safeguard operations. The following recommendations 
are consistent with prior NSTAC reports and provide 
further emphasis related to NOCs. The NSTAC 
recommends to the President, in accordance with 
responsibilities and existing mechanisms established by 
Executive Order 12472, Assignment of National Security and 
Emergency Preparedness Telecommunications Functions, that 
the policy of the United States Government should be: 

► To share information, including classified 
information, with U.S. service providers that could 
affect the security practices employed by the 
industry related to NOCs; and 
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► To undertake an information sharing process 
review to determine if the U.S. Government has 
the appropriate mechanisms, responsibiiity 
designations, and directives in piace to aiiow for 
the sharing of such information. 

The NSTAC performed an evaiuation in response to a 
White House request for commerciai communications 
industry findings on the commerciai communications 
infrastructure’s reiiance on the Giobai Positioning 
System (GPS). To gain current perspectives on the 
industry-wide use of GPS, the NSTAC soiicited 
information from its members, other providers within 
the industry, and severai externai subject matter 
experts. Specificaiiy, the NSTAC requested 
information on: (1) company and industry segment 
use of and reiiance on GPS signals; (2) impacts to 
networks and operations that wouid result from ioss 
or degradation of GPS signals; and (3) specific 
strategies implemented or planned to mitigate the 
impact of any GPS signal loss or degradation. 

Overall, industry members surveyed believe that their 
companies have taken measures to safeguard against 
those disruptions to the GPS signal that are likely to 
be encountered; however, to date, no industry or 
Government exercise has sought to replicate the 
impact of a long-term or permanent GPS outage 
simultaneously on all industries. The NSTAC 
recommends that the President direct the 
Department of Homeland Security and DOD to 
include various GPS outage scenarios in future 
planned disaster recovery exercises in coordination 
with the commercial communications industry. 
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Attachment 2: Attendance of Members at the 2008 Meeting of the 
President’s National Security Telecommunications Advisory Committee 


Mr. Edward A. Mueller 

Qwest Communications International, Inc. 

Mr. Scott Kriens 

Juniper Networks, Inc. 

Mr. Craig J. Mundie 

Microsoft Corporation 

Mr. John T. Stankey 

AT&T, Inc. 

Mr. Howard L. Lance 

Harris Corporation 

Mr. Donald J. Dhert 

Bank of America Corporation 

Mr. James F. Albaugh 

Boeing Integrated Detense Systems 

Mr. Michael W. Laphen 

Computer Sciences Corporation 

Mr. William A. Roper 

Verisign, Inc. 

Mr. Daniel J. Carroll, Jr. 

Telcordia Technologies, Inc. 

Mr. Walter B. McCormick, Jr. 

United States Telecom Association 

Mr. William H. Swanson 

Raytheon Company 

Mr. Kenneth C. Dahiherg 

SAIC, Inc. 

Mr. Arthur E. Johnson 

Lockheed Martin Corporation 

Mr. Kyle E. McSIarrow 

National Cable and Telecommunications 

Association 

Mr. Joseph R. Wright, Jr. 

Intelsat, Ltd. 

Mr. Michael S. Zafirovski 

Nortel Networks, Inc. 
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Acronym List 


AIN .Advanced Intelligent Networks 

AlP .Automated Information Processing 

ASPR .Agreements, Standards, Policies, 

and Regulations 

ATIS .Alliance for Telecommunications 

Industry Solutions 

CCS .Common Channel Signaling 

CDEP WG .Communications Dependency on Electric 

Power Working Group 

CIAO .Critical Infrastructure Assurance Office 

CM .Critical Infrastructure Information 

CIP .Critical Infrastructure Protection 

CNS .Commercial Network Survivability 

COP .Committee of Principals 

COR .Council of Representatives 

CSI .Commercial SATCOM Interconnectivity 

CSS .Commercial Satellite Survivability 

CTF .Convergence Task Force 

CWIN .Cyber Warning Information Network 

OARPA .Defense Advanced Research Projects Agency 

DDoS .Distributed Denial of Service 

OHS .Department of Homeland Security 

DOC .Department of Commerce 

000 .Department of Defense 

DOE .Department of Energy 

DOJ .Department of Justice 

DOS .Department of State 

DPA .Defense Production Act 

E.O .Executive Order 

E911 .Enhanced 911 

EC .Electronic Commerce 

ECC .Enhanced Call Completion 

ECITF .Emergency Communications and 

Interoperability Task Force 

ELS .Essential Line Service 

EMP .Electromagnetic Pulse 

EOP .Executive Office of the President 

EPA .Environmental Protection Agency 

ERPWG .Emergency Response Procedures Working Group 

ESF .Emergency Support Function 

ESP .Essential Service Provider 


ETSITIPHON. .. European Telecommunications Standards 


Institute Telecommunications and Internet 
Protocol Harmonization over Networks 

EWP .Emergency Wireless Protocols 

FCC .Federal Communications Commission 

FECC .Federal Emergency Communications 

Coordinator 

FEMA .Federal Emergency Management Agency 

FNI .Funding of NSTAC Initiatives 

FOIA .The Freedom of Information Act 

FRB .Federal Reserve Board 

FRP .Federal Response Plan 

FRWG .Funding and Regulatory Working Group 

FS .Financial Services 

FSTF .Financial Services Task Force 

GETS .Government Emergency 

Telecommunications Service 

GM .Global Information Infrastructure 

GIRTF .Global Infrastructure Resiliency Task Force 

GPS .Global Positioning System 

GSA .General Services Administration 

GTF .Globalization Task Force 

GTISC .Georgia Tech Information Security Center 

HPC .High Probability of Call Completion 

HSPD .Homeland Security Presidential Directive 

l&C .Information & Communications 

lA .Information Assurance 

lAlP .Information Analysis and Infrastructure 

Protection 

lATF .Information Assurance Task Force 

lAW .Indications Assessment and Warnings 

ICT .Information and Communications Technology 

ICWG .International Communications Working Group 

ID .Identification 

IDSG .Intrusion Detection Subgroup 

IDT .International Diplomatic Telecommunications 

lEPS .International Emergency Preference Scheme 

lES .Industry Executive Subcommittee 

MG .Information Infrastructure Group 

MS .Industry Information Security 

IN .Intelligent Networks 
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IP .Internet Protocol 

IS/CIP .Information Sharing/Critical Infrastructure 

Protection 

ISAC .Information Sharing and Analysis Center 

ISATF .Internet Security/Architecture Task Force 

ISEC .Information Security Exploratory Committee 

ISP .Internet Service Provider 

ISSB .Information Systems Security Board 

IT .Information Technology 

ITF .International Task Force 

ITIC .Information Technology Industry Council 

ITPITF .Information Technology Progress 

Impact Task Force 

LMBATF .Last Mile Bandwidth Availability Task Force 

LRG .Legislative and Regulatory Group 

LRTF .Legislative and Regulatory Task Force 

LRWG .Legislative and Regulatory Working Group 

LTO .Long-term Outage 

MTT .Mobile Transportable Telecommunications 

NAP .Network Access Provider 

NCC .National Coordinating Center 

NCCTF .National Coordinating Center Task Force 

NCM .National Coordinating Mechanism 

NCO .National Coordination Office 

NCS .National Communications System 

NCSD .National Cyber Security Division 

NCSP .National Cyber Security Partnership 

NDAI .National Diversity Assurance Initiative 

NECP .National Emergency Communications Plan 

NECS .National Emergency Communications Strategy 

NERC .North American Electric Reliability Council 

NES .National Energy Strategy 

NG .Network Group 

NGN .Next Generation Network 

NGNTF .Next Generation Networks Task Force 

Nil .National Information Infrastructure 

NIPC .National Infrastructure Protection Center 

NIST .National Institute of Standards and Technology 

NLE .National Level Exercise 

NLP .National Level Program 

NOG .Network Operations Center 

NPRM .Notice of Proposed Rulemaking 

NPTF .National Plan to Defend Critical 

Infrastructures Task Force 

NRG .National Research Council 

NRF .National Response Framework 

NRIC .Network Reliability and Interoperability Council 


NRP .National Response Plan 

NS/EP .National Security and Emergency Preparedness 

NS/VATF .Network Securlty/Vulnerablllty Assessments 

Task Force 

NSA .National Security Agency 

NSDD .National Security Decision Directive 

NSG .National Security Group 

NSIE .Network Security Information Exchange 

NSSE .National Special Security Events 

NSTAC .National Security Telecommunications 

Advisory Committee 

NSTF .Network Security Task Force 

NTIA .National Telecommunications and 

Information Administration 

NTMS .National Telecommunications 

Management Structure 

NWC .Naval War College 

OAM&P .Operations, Administration, Maintenance, 

and Provisioning 

ODNI .Office of the Director of National Intelligence 

OEC .Office of Emergency Communications 

0MB .Office of Management and Budget 

OMNCS .Office of the Manager, National 

Communications System 

OS .Operating System 

OSG .Operations Support Group 

OSTP .Office of Science and Technology Policy 

OWG .Operations Working Group 

PAS .Priority Access Service 

PCCIP .President’s Commission on Critical 

Infrastructure Protection 

PCM .Protected Critical Infrastructure Information 

POD .Presidential Decision Directive 

PN .Public Network 

PO .Program Office 

PSN .public switched network 

PSTN .Public Switched Telephone Network 

PWG .Plans Working Group 

QoS .Quality of Service 

R&D .Research and Development 

R&O .Report and Order 

RDTF .Research and Development Task Force 

RDX .Research and Development Exchange 

RDXTF .Research and Development Exchange 

Task Force 

REWG .Resource Enhancements Working Group 

RP .Restoration Priority 
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S&T .Science & Technology 

SAFETY Act. ... Support Anti-terrorism by Fostering Effective 
Technologies Act 

SATCOM .Satellite Communications 

see.Sector Coordinating Council 

SeOE .Security Center of Excellence 

SME .Subject Matter Experts 

SOP .Standard Operating Procedure 

SRWG .Security Requirements Working Group 

SS7 .Signaling System 7 

Stafford Act ... Robert T. Stafford Disaster Relief and 
Emergency Assistance Act 

STF .Satellite Task Force 

STU .Secure Telephone Unit 

TATF .Trusted Access Task Force 

Telecom Act. .. Telecommunications Act of 1996 

TEPITF .Telecommunications and Electric Power 

Interdependency Task Force 

TESP .Telecommunications Electric Service Priority 

TIM .Telecommunications Industry Mobilization 

TIP .Telecommunications Infrastructure Providers 

TOPOFF .Top Officials 

TSA .Transportation Security Administration 

TSP .Telecommunications Service Priority 

TSS .Telecommunications Systems Survivability 

USSS .United States Secret Service 

UST .Underground Storage Tanks 

W/LBRDSTF ... Wireless/Low-Bit-Rate Digital 
Services Task Force 

WPS .Wireless Priority Service 

WSPO .Wireless Services Program Office 

WSTF .Wireless Services Task Force 

WTF .Wireless Task Force 

Y2K .Year 2000 

Y2KAct .Year 2000 Readiness and Disclosure Act 
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